jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paco Avila <pav...@git.es>
Subject Re: Access Management - Unix-Style
Date Mon, 03 Sep 2007 10:52:44 GMT
El dom, 02-09-2007 a las 16:15 +0200, Daniel BrŸuen escribió:
> Hi!
> After searching this list and studying documentation I have not found a 
> simple way of doing group-based authorization in jackrabbit.
> If I got it correctly I would need either another tree in the repository 
> storing access permissions or some in-memory chunk of data, because the 
> AccessManager does not allow accessing the node in question (which -in 
> some respect- makes sense). On the other hand there seems almost no 
> alternative to this approach.
> After all, this is very unsatisfying! I simply want unix-style 
> permissions on my nodes.
> I was already thinking about storing permissions in properties and 
> handle the access outside of JAAS and JCR in my EJB... which is not 
> really good style.

In our application (OpenKM) we store authorization info in the same
node. Each node with auth should have this mixing:

[mix:accessControlled] mixin
- okm:authUsersRead (string) multiple mandatory 
- okm:authUsersWrite (string) multiple mandatory 
- okm:authRolesRead (string) multiple mandatory 
- okm:authRolesWrite (string) multiple mandatory 

An when the AccessManager is invoked, we use a SystemSession to get
these properties. SystemSession have access to the whole repository.
Paco Avila <pavila@git.es>

View raw message