jackrabbit-users mailing list archives

From Angela Schreiber <anch...@day.com>
Subject Re: Difference between AccessManager and AccessControlManager
Date Fri, 24 Jul 2009 07:20:54 GMT

>   1. What is the difference between AccessManager and AccessControlManager ?
>      and when should be used ?

- What  : It is an interface defined by JSR 283.
- Access: It is accessed by Session.getAccessControlManager().
- Usage : It is the JCR API way for access control discovery
           and access control modification.

Apache Jackrabbit provides an extension of the AccessControlManager
interface org.apache.jackrabbit.api.security.JackrabbitAccessControlManager

- What  : Adds a couple of extensions to the JCR API interface
           that (from our point of view) are missing in the standard.
- Access: There is no separate access method. Use
- Usage : Same as AccessControlManager


- What  : An internal interface of jackrabbit-core that is internally
           used to evaluate permissions. No ac modification whatsoever.
- Access: Only internal access through SessionImpl
- Usage : For internal usage only. API consumers should use the
           standard JCR way to discover permissions and other
           access control.

>   2. How do I inform SimpleAccessManager to return AccessControlPolicy when
> getEffectivePolicies(path) is
>      called ? 

The simple access control implementation is a dummy implementation
and leftover from previous versions of jackrabbit core. It is
pretty convenient because it only distinguishes between anonymous
and logged-in users, but it is not meant to be used in productive
It therefore doesn't allow any AC-modification at all and thus always
returns a dummy effective policy to fulfill the contract of the

> How do I do something like this ? How do I instantiate
> AccessControlPolicy ?
> AccessControlPolicy POLICY = new AccessControlPolicy();

in the simple-access control manager there isn't anything
you can do about policies.

if you want to provide custom policies and allow the API
consumer to modify access control, you may write your
own custom implementation of AccessManager/AccessControlManager
and/or AccessControlProvider interface and change the security 
configuration accordingly.

if you are just looking for a more sophisticated implementation
you may want to check out the default implementation.

hope that helps
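
The standard JCR route for access control discovery and modification described in the message above, as an added example that is not part of the original post or of Jackrabbit's own code. It assumes the JCR 2.0 `javax.jcr.security` package and a repository configured with an implementation that permits AC modification; the class and method names `AclExample`, `grantRead` and `canRead` are hypothetical.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;

public final class AclExample {

    /** Grants jcr:read at path; returns false if the repository offers no editable ACL there. */
    public static boolean grantRead(Session session, String path, Principal principal)
            throws RepositoryException {
        AccessControlManager acm = session.getAccessControlManager();
        Privilege[] read = { acm.privilegeFromName(Privilege.JCR_READ) };

        // Policies are never created with "new": reuse one already bound to the node...
        AccessControlList acl = null;
        for (AccessControlPolicy p : acm.getPolicies(path)) {
            if (p instanceof AccessControlList) {
                acl = (AccessControlList) p;
                break;
            }
        }
        // ...or ask the manager for a policy that may be applied at this path.
        AccessControlPolicyIterator it = acm.getApplicablePolicies(path);
        while (acl == null && it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof AccessControlList) {
                acl = (AccessControlList) p;
            }
        }
        if (acl == null) {
            return false; // implementation exposes no modifiable policy at this path
        }
        acl.addAccessControlEntry(principal, read);
        acm.setPolicy(path, acl); // transient until the session is saved
        session.save();
        return true;
    }

    /** Discovery only: does the calling session hold jcr:read at path? */
    public static boolean canRead(Session session, String path) throws RepositoryException {
        AccessControlManager acm = session.getAccessControlManager();
        return acm.hasPrivileges(path, new Privilege[] { acm.privilegeFromName(Privilege.JCR_READ) });
    }
}
```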
