jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@day.com>
Subject Re: Limiting child node access in Jackrabbit 1.5
Date Thu, 22 May 2008 08:31:41 GMT
Vidar Ramdal wrote:
> Does no-one really know how to achieve this?
> Maybe Angela Schreiber, who apparently is doing the
> authentication/authorization work for Jackrabbit 1.5, could give me a
> hint?

you cannot withdraw permissions by using
session.getAccessControlManager().addAccessControlEntry
since the method is defined to only grant additional
permissions. nor can you grant 'no_privilege' in order
to withdraw permissions.

that is how it was define in the latest version of
JSR 283.

the jackrabbit implementation currently allows to
edit a policy obtained through AccessControlManager.getPolicy
and there you may add a DENY ace.

but please note (think of this as a bold-red-disclaimer):

as jukka already said the 283 access control is still
being heavily refactored and consequently the complete
security code is prone to major changes without any
further notice. you will have to adjust your code later
on. that's the only thing i can tell you for sure.

sorry for the inconvenience.

angela

Mime
View raw message