jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jukka Zitting" <jukka.zitt...@gmail.com>
Subject Re: Authorization
Date Fri, 14 Dec 2007 02:46:29 GMT

On Dec 13, 2007 9:22 PM, qcfireball <qcfireball@yahoo.com> wrote:
> It looks to me so far that Jackrabbit has no "native" Authorization provided
> with it.  I have looked at the source quite a bit the last couple days, and
> there does not seem to be anything of this sort.  Is this true?

Yes, currently we only ship a very rudimentary authorization mechanism
that basically just distinguishes between read-only access for a
specific "anonymous" account, and read-write access to everyone else.

> Are people implementing this themselves using the AccessManager interface?
> Are they using JeCARS to implement repository Authorization, or some other
> pre-built product?

Yes, there are a few threads (mostly on dev@) about implementing
custom AccessManagers. This is currently the recommended way of
implementing authorization policies in Jackrabbit.

Note that Day Software is currently contributing a rather
comprehensive ACL-based authorization component (see
https://issues.apache.org/jira/browse/JCR-1171), but this feature will
unfortunately not make it in the Jackrabbit 1.4 release. And if there
are other generic AccessManagers out there, I'd certainly be
interested in including also them in the Jackrabbit core.


Jukka Zitting

View raw message