From users-return-11344-apmail-jackrabbit-users-archive=jackrabbit.apache.org@jackrabbit.apache.org Tue Apr 28 14:19:39 2009 Return-Path: Delivered-To: apmail-jackrabbit-users-archive@minotaur.apache.org Received: (qmail 2216 invoked from network); 28 Apr 2009 14:19:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 28 Apr 2009 14:19:39 -0000 Received: (qmail 56964 invoked by uid 500); 28 Apr 2009 14:19:38 -0000 Delivered-To: apmail-jackrabbit-users-archive@jackrabbit.apache.org Received: (qmail 56945 invoked by uid 500); 28 Apr 2009 14:19:38 -0000 Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@jackrabbit.apache.org Delivered-To: mailing list users@jackrabbit.apache.org Received: (qmail 56934 invoked by uid 99); 28 Apr 2009 14:19:38 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Apr 2009 14:19:38 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ianboston@googlemail.com designates 209.85.220.162 as permitted sender) Received: from [209.85.220.162] (HELO mail-fx0-f162.google.com) (209.85.220.162) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Apr 2009 14:19:29 +0000 Received: by fxm6 with SMTP id 6so569790fxm.43 for ; Tue, 28 Apr 2009 07:19:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:from:to :content-type:content-transfer-encoding:mime-version:subject:date :x-mailer; bh=SA2a6hiBdaSl8x7ug6x22E63Bb9Uduiwi+B8PHXPqdM=; b=xNEemLZsxhRZPp4r04ucdXGKs7JeO/az/bnSnD+C0rZYOZL/sppVSPCrJlJB9DQeH1 As+prIPywDBFqNMJzRNLVYsILAl53dEqgr4cB4JqI/xuf3UumNIt4whc6BpOdnTdb3De URJG9mZ7Gasi1MJ9GVJLKdCJkwGRGHzR0hTFw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:from:to:content-type:content-transfer-encoding :mime-version:subject:date:x-mailer; b=x7xLqLgWMAPxA/cFN7L5gpJpkhXe5JH1v8tTsEl+cQeEWhBUQPQY5bgC0Jn/N40b4G x/sIgBZe9zFE/BS9UAwf9SVQ77RbYt9sGfg7vNO2KVWeMPluNUJ2FTAhNTP/SrS/WnyH a1v9KY5p9XNd9cE+EBYd+2FarXlDcxNNBxyo4= Received: by 10.103.243.9 with SMTP id v9mr3925557mur.91.1240928347549; Tue, 28 Apr 2009 07:19:07 -0700 (PDT) Received: from dhcp-56.caret.local (ginger.caret.cam.ac.uk [131.111.21.21]) by mx.google.com with ESMTPS id j9sm6806412mue.51.2009.04.28.07.19.06 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 28 Apr 2009 07:19:07 -0700 (PDT) Sender: Ian Boston Message-Id: <1BF91F42-04C8-45EF-A5CE-D38B03683203@tfd.co.uk> From: Ian Boston To: users@jackrabbit.apache.org Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Subject: Implementing an AccesssControlProvider Date: Tue, 28 Apr 2009 15:19:05 +0100 X-Mailer: Apple Mail (2.930.3) X-Virus-Checked: Checked by ClamAV on apache.org I am trying to extend the standard acl.ACLProvider class so that I can change the way principals are resolved. all I want to do is change the way in which the ACE's are filtered in ACLTemplate.collectEntries(...), probably 5 - 10 lines of code in total, but the classes are so private and protected that the only way I can do this appears to be to copy ACLProvider, ACLEditor, ACLTemplate However when I do that, I discover that protected SecurityItemModifier() { Class cl = getClass(); if (!(cl.equals(UserManagerImpl.class) || cl.equals(ACLEditor.class) || cl .equals (org .apache .jackrabbit .core.security.authorization.principalbased.ACLEditor.class))) { throw new IllegalArgumentException("Only UserManagerImpl and ACLEditor may extend from the SecurityItemModifier"); } } Only a set number of hard coded classes are allowed to extend the Jackrabbit security model which makes the AccessControlProvider interface a bit lame. So my question, what is the correct way to extend the security model or is the only way to re-implement everything at the AccessControlManager level ? Ian