jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Boston <...@tfd.co.uk>
Subject Re: Two ACLProviders
Date Wed, 16 Dec 2009 09:31:31 GMT
On 15 Dec 2009, at 22:42, Mat Lowery wrote:

> What are the differences between
> org.apache.jackrabbit.core.security.authorization.acl.ACLProvider and

IIRC, acl enforces acls expressed on content nodes, where an acl is made up of a map of Access
Control Entries, mapped by principal name, each ACE containing 2 arrays, one of granted privileges,
one of dened privileges.

eg as json 
{
"everyone":{"granted":["jcr:read"]}
"ieb":{"granted":["jcr:read","jcr:write"]}

}


> org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider?

AFAICT, this is not used in the default configuration of 1.6, although it looks like it uses
the order of the principals rather than the order of the acls when resolving/compiling a permission
at a node. Certainly the order in which the bit map is constructed changes the final permissions
bitmap.

Ian
Mime
View raw message