jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Mueller" <thomas.tom.muel...@gmail.com>
Subject Re: JSR 283 - Public Review - Content Repository for JavaTM Technology API Version 2.0
Date Tue, 17 Jul 2007 13:00:10 GMT
Hi,

There is now a changelog in the Jackrabbit wiki:

http://wiki.apache.org/jackrabbit/Proposed_JCR_2%2e0_API_Changes

Thomas


On 7/16/07, Torgeir Veimo <torgeir@pobox.com> wrote:
>
> On 16 Jul 2007, at 15:43, David Nuescheler wrote:
>
> > (2) Access Control Management to go beyond the introspection that is
> > already specified
> > in JCR v1.0
>
> It seems that access control in JCR 2.0 is limited to declarative
> security?
>
> I think this is a very bad restriction. Declarative security was
> never sufficient enough for EJBs, and is surely not sufficient for
> all types of applications which might be built on top of a JCR
> repository, and is very often much more verbatim than implied or
> programmatic security.
>
> What I'd like to see would be some means of getting access to Nodes
> in a read-only "before" session and an "after" session in a security
> manager. This would allow implementing a wide range of different
> security managers depending on the application at hand.
>
> I guess there are technical challenges with implementing such session
> access, but it could be an optional feature, and the suggested next
> generation persistence architecture would probably easily support it.
>
> --
> Torgeir Veimo
> torgeir@pobox.com
>
>
>
>

Mime
View raw message