jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@day.com>
Subject Re: Jackrabbit 1.5 ACL Basics
Date Thu, 08 Jan 2009 11:41:51 GMT
hi sebastian

> I'm trying to find some documentation on Jackrabbit 1.5 security using ACLs,

the jackrabbit 1.5 security functionality is a work-in-progress
snapshot of the upcoming jsr 283.
you may find some documentation though probably not the latest
version with the JSR 283 public draft.

alternatively you may take a look at the tmp. 283 security API
present with jackrabbit-api.

> I'm trying to initialize my repository creating the ACL and ACE nodes by
> hand, without having to do it programatically. 

what do you mean by hand?

> I'd like to know what kind of
> structure I should use. Looking at the source code I've come to the
> conclusion that my access controlled nodes must have the mixin type rep:acl,
> and a child node with mixin type rep:ace for each entry. These entries will
> then have the principal and privileges in it's properties, that must have
> the name specified in the AccessControlConstants interface. Is this the
> basic idea or am I being mistaken?

the basic idea is that the AccessControlManager exposes 
AccessControlPolicies which may or may not be ACL depending
on the implementation.

the current attempt is to make that somehow configurable
allowing to define other ac evaluation systems. the provider
of that evaluation system can be set individually for each

currently jackrabbit-core contains examples for

a) an ACL based system that is defined on the access
    controlled nodes themselves,
b) an ACL based system that stores the entries in a separate
    tree grouped by principals,
c) a combination of both
d) and last but not least a simple example of a named policies
without aces (currently used by default to manage access to
users and groups).

if you change the default configuration to use the 
DefaultSecurityManager you will be default get a) + d).

will all examples listed above the security content is
protected and should only be manipulated using the API.

hope that helps

View raw message