jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Douglass" <douglass.d...@gmail.com>
Subject Re: CAS in jackrabbit
Date Mon, 27 Oct 2008 20:29:50 GMT
Vlad,

This isn't a direct answer to your question, search the ML archives and I
think you'll find similar posting and various solutions. Here's some that I
seem to recall:

 * create/inject a session in your AccessManager to use for object lookup

 * managing a separate set of ItemId-to-ACL data so you don't necessarily
need to access the node in jackrabbit

On one jackrabbit project where we have a DAO layer between application code
and jackrabbit, we side-stepped using AccessManager to enforce ACLs, instead
using AOP interceptors around our DAO layer (via ACEGI, now Spring
Security). The interceptors generate the ACLs on the fly from properties on
the business object retrieved from the repository and filter accordingly.
This works quite well as there is a limited set of actual ACLs and typical
DAO retrieve operations result in between 10 and 100 objects, YMMV.

HTH,
Doug

On Mon, Oct 27, 2008 at 9:38 AM, vlad_v <numaplictisesc@yahoo.com> wrote:

>
> hello
>
> i'm implementing a class MyCASAccessManager implements AccessManager
> and i want to restrict access to repository according to a property value
> of
> each node in repository.
>
> the problem is that in AccessManager, in
> public boolean isGranted(ItemId arg0, int arg1)
>
> with arg0  i can see the current node name that is verified for permission,
> but,
> is there a way to obtain with this ItemId  the node object?
> ( i thought of  getting the property, and then to verify according
> to this property if the current user has or not permissions to this node)
>
> or is there another way to do this?
>
> thank you
> regards,
> vlad
> --
> View this message in context:
> http://www.nabble.com/CAS-in-jackrabbit-tp20190204p20190204.html
> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message