jackrabbit-users mailing list archives

From Angela Schreiber <anch...@day.com>
Subject Re: Access control on property level?
Date Wed, 19 Nov 2008 15:41:31 GMT
hi roland

> Sorry maybe i wasn't clear enough. i meant grant or deny access to an
> individual property of a node.

yes... that's what i understood.

> Will this be possible in Jackrabbit 1.6 or 2.0?

that should be possible with jackrabbit 1.5.0 already.
despite the fact that it is still work in progress...

> Because i just checked out the trunk for 1.6-SNAPSHOT and tried to
> restrict the access but got a PathNotFoundException.
> Then i realized ACLs could only be assigned to nodes, but how do i
> build a correct ACL which i can assign to the node?
> am i missing something?

ACLs can only be assigned to Nodes. Similarly a Session
holds a set of Privileges on a given Node (and never on
a Property). this is defined by the JSR 283 access control.

however, you still may have finer grained permissions
even for individual properties or nodes:

quote from the specification:
"
In repositories that do support access control management, the
permissions encompass the restrictions imposed by privileges, but also
include any additional policy-internal refinements with effects too
fine-grained to be exposed through privilege discovery. A common case
may be to provide finer-grained access restrictions to individual
properties or child nodes of the node to which the policy applies.
"

for this purpose jackrabbit defines refined ACL/ACE
interfaces that allow passing additional restrictions
when creating an ACE. which restrictions are understood
and/or respected is left to the implementation.

you may take a look at
http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplate.java

it is still sort of a draft but you will get the idea.

hope that helps
angela
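
The approach described in the message above (a node-level ACL whose entry carries an extra restriction), as an added example that is not part of the original mail or of Jackrabbit's own code. It assumes the later JCR 2.0 / Jackrabbit 2.x package names (javax.jcr.security, org.apache.jackrabbit.api.security) and that the ACL implementation in use advertises a restriction named rep:glob whose value is a path suffix below the node; the class and method names are hypothetical.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;

public final class PropertyLevelDeny {
    // Assumed restriction name; it must be advertised by the ACL before use.
    private static final String GLOB = "rep:glob";

    // Hypothetical helper: deny jcr:read on one property by adding a restricted
    // ACE to the ACL of the node that holds it (ACLs only ever attach to nodes).
    public static boolean denyPropertyRead(Session session, String nodePath,
            String propertyName, Principal principal) throws RepositoryException {
        AccessControlManager acMgr = session.getAccessControlManager();
        JackrabbitAccessControlList acl = findAcl(acMgr, nodePath);
        if (acl == null) {
            throw new RepositoryException("no editable ACL at " + nodePath);
        }
        // Which restrictions are understood is left to the implementation:
        // fail closed instead of silently writing an unrestricted deny.
        if (!Arrays.asList(acl.getRestrictionNames()).contains(GLOB)) {
            throw new RepositoryException(GLOB + " not supported by this ACL");
        }
        Map<String, Value> restrictions = new HashMap<String, Value>();
        restrictions.put(GLOB, session.getValueFactory().createValue(
                "/" + propertyName, acl.getRestrictionType(GLOB)));
        Privilege[] read = { acMgr.privilegeFromName(Privilege.JCR_READ) };
        boolean changed = acl.addEntry(principal, read, false, restrictions); // false = deny
        acMgr.setPolicy(nodePath, acl);   // the policy is bound to the node path
        session.save();
        return changed;
    }

    // Prefer the ACL already set on the node, else the first applicable one.
    private static JackrabbitAccessControlList findAcl(AccessControlManager acMgr,
            String path) throws RepositoryException {
        for (AccessControlPolicy p : acMgr.getPolicies(path)) {
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
        while (it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        return null;
    }
}
```

To confirm the effect, log in as the affected principal and check Session.hasPermission(propertyPath, Session.ACTION_READ) for both the restricted property and a sibling property of the same node.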


