jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Klimetschek" <aklim...@day.com>
Subject Re: SimpleAccessManager-configuration and usage
Date Sat, 04 Oct 2008 16:18:56 GMT
On Fri, Oct 3, 2008 at 9:28 PM, pkrishna <prabhakar.krishnaswami@ge.com> wrote:
> We are trying to implement authorization in a JackRabbit environment. I
> browsed through developer site trying to find how this should be
> implemented. From the posts, I understand that authorization should be
> implemented by us and a good place to start is SimpleAccessManager provided
> by JackRabbit. I was looking for a sample code that instantiates this module
> passing in the AMContext. I searched through the JackRabbit source code and
> test cases and couldn't find one that showed this usage.

Just search the users and dev mailing lists for recent discussions
regarding the implementation of custom LoginModules (authentication)
and AccessManagers (authorization) as well as the ongoing
implementation of JCR-2.0 authentication & authorization (in JCR 1.0
neither was standardized apart from the Repository.login() method
signature and the concept of a userid).

A good place to search for mails is http://jackrabbit.markmail.org

> I examined the SimpleAccessManager class documentation and it has calls like
> canAccess, checkPermissions etc. I assume these calls are related to the
> subject who is logged in. Where do we grant these permissions for a subject.
> Would this be done in repository.xml under the security section?

Wherever you want, that is why these interfaces are present ;-) A
typical way (and the JCR-2.0 way) is to store access rights in the
repository along the nodes, ie. having special subnodes like
"rep:accessControl" that list the ACLs for that node. But you are free
to store them in separate files, databases or simple general rules if
you only need a simple authorization scheme.


Alexander Klimetschek

View raw message