jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Boston <...@tfd.co.uk>
Subject Re: how to implement role based access control
Date Sun, 23 Aug 2009 17:40:08 GMT

On 23 Aug 2009, at 04:23, go canal wrote:

> Hello,
> would like to seek some advices on how to implement role based  
> access control.
> let's say I have several thousands of files, two roles defined A and  
> B. users are assigned role A or B.
> file access control is based on roles.
> How should I implement this role based access control in Jackrabbit?
> 1) should I add a 'role' property in the file node? and then  
> implement my own access manager with isGranted() ?

you could, however you will also need to protect the role property to  
make certain that only authorized users can change it.

There are a number of examples to play with, all configured by adding  
entries into repository.xml

> 2) or should I implement a filter which filters the returned list ?

it will be hard to make this secure, as there are many ways to get a  
node and it all depends on the level of access the "client" has to the  

For instance, approach 1 will generate valid sets of search results  
for the user in question.
2 Would require a custom filter for points at which a search was made.


> thanks in advance !
> canal

View raw message