jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Douglass" <douglass.d...@gmail.com>
Subject Re: CAS in jackrabbit
Date Tue, 28 Oct 2008 17:02:40 GMT
On Mon, Oct 27, 2008 at 9:08 PM, iapilgrim <iapilgrim@gmail.com> wrote:

> Hi Doug,
> I am about to add PERMISSIONs/RIGHTs to my app. I intent to use Spring
> Security. I don't know how to use it right now. I have some questions
> + What are the reasons that make you not use Spring Security but implement
> one for your own?
> + I don't understand your solution but it seems to be restricted by the
> limit set of actual ACLs. My app is very big, so which strategy to
> implement
> My security module is  complex. It is used for CMS application.
> Regards,
> Van

??? we _did_ use Spring Security, though it was called ACEGI at the time. We
chose not use the JCR AccessManager for the very reason vlad questioned --
we needed to derive the ACL for a repository object from the properties of
the object and AccessManager, in and of itself, did not provide a means
(i.e., session) to retrieve the repository object. Though we could have
injected a session into the AccessManager for this, querying twice the for
same object "smells" a bit, even if Jackrabbit's caching mitigates most
performance issues.

Yes, the app I'm speaking of had a small set of ACLs (tens), and a
relatively small set objects (tens of thousands), and using AOP for object
authorization had other advantages for the project, so I'm not suggesting it
is THE answer, only an alternative.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message