jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torgeir Veimo <torg...@pobox.com>
Subject Re: JSR 283 - Public Review - Content Repository for JavaTM Technology API Version 2.0
Date Mon, 16 Jul 2007 19:43:51 GMT

On 16 Jul 2007, at 15:43, David Nuescheler wrote:

> (2) Access Control Management to go beyond the introspection that is
> already specified
> in JCR v1.0

It seems that access control in JCR 2.0 is limited to declarative  
security?

I think this is a very bad restriction. Declarative security was  
never sufficient enough for EJBs, and is surely not sufficient for  
all types of applications which might be built on top of a JCR  
repository, and is very often much more verbatim than implied or  
programmatic security.

What I'd like to see would be some means of getting access to Nodes  
in a read-only "before" session and an "after" session in a security  
manager. This would allow implementing a wide range of different  
security managers depending on the application at hand.

I guess there are technical challenges with implementing such session  
access, but it could be an optional feature, and the suggested next  
generation persistence architecture would probably easily support it.

-- 
Torgeir Veimo
torgeir@pobox.com




Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message