jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@day.com>
Subject Re: Group denies
Date Tue, 07 Jul 2009 12:46:30 GMT

> I am wondering the reasoning behind not allowing a deny for a set of 
> permissions to be allowed on a group ?

original change behind was that david wished the group membership
to be stored together with the authorizable and not with
the group itself.

while discussing that change, we (chris/david/angela) were also
talking about the 'order' of group membership and the problem
denies impose... consequently david opposed to having denies
for groups in general. that's why i add the check in jackrabbit.

just for your information: we had the same discussion again
last week, reconsidering that decision once again...

> Which appears to be contrary to the advice given in [1], assuming CRX is 
> using the same or similar code.

please note: crx != jackrabbit.
crx 1.4 is not using the same code. the original patch for
user/ac management posted by chrisk (see JCR-1171) is derived
from crx and has been heavily modified in order to match the
requirements from jsr 283.

for the future of crx security stuff please direct yourself
to day directly.


View raw message