jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From S├ębastien Launay <sebastienlau...@gmail.com>
Subject Re: Access control in Jackrabbit
Date Wed, 16 Dec 2009 15:54:39 GMT
2009/12/16 Zhenhua Guo <jenvor@gmail.com>:
> Basically, it says admin user has id "anonymous" which is default user
> id used by Jackrabbit when the program does not provide a credential
> (when invoking "repository.login()")
> Is that correct?

I do not know exactly how JAAS work but using Repository#login() in
Jackrabbit allows to create a session with the current authenticated user.
IIUC if no authentication has been successful anonymous user is used.

Chances are that you do not use JAAS, therefore I recommend you
to use explicit Credentials where the username is not the anonymousId
(I was just pointing the fact that this id is configurable).

IIRC the user name is useful for access management (restrict access
or actions to nodes) and for storing the lock's owner. You may therefore
want to open session depending on the current user to use these features.

S├ębastien Launay

View raw message