jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torgeir Veimo <torg...@pobox.com>
Subject Re: JSR 283 - Public Review - Content Repository for JavaTM Technology API Version 2.0
Date Mon, 16 Jul 2007 19:43:51 GMT

On 16 Jul 2007, at 15:43, David Nuescheler wrote:

> (2) Access Control Management to go beyond the introspection that is
> already specified
> in JCR v1.0

It seems that access control in JCR 2.0 is limited to declarative  

I think this is a very bad restriction. Declarative security was  
never sufficient enough for EJBs, and is surely not sufficient for  
all types of applications which might be built on top of a JCR  
repository, and is very often much more verbatim than implied or  
programmatic security.

What I'd like to see would be some means of getting access to Nodes  
in a read-only "before" session and an "after" session in a security  
manager. This would allow implementing a wide range of different  
security managers depending on the application at hand.

I guess there are technical challenges with implementing such session  
access, but it could be an optional feature, and the suggested next  
generation persistence architecture would probably easily support it.

Torgeir Veimo

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message