jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@day.com>
Subject Re: Get Path from Node
Date Wed, 03 Mar 2010 11:45:06 GMT
Paco Avila wrote:
> I have implemented my own AccessManager, does this method work? And

the AccessManager is a jackrabbit-core internal interface and
is used internally for the access control evaluation.

the AccessControlManager is an interface defined by JSR 283 and
offers access control functionality to the API consumers.

currently jackrabbit assumes that access control functionality
can be exposed if the internal AccessManager implementation also
is an AccessContolManager.

> actually my code is not using jcr-2.0 but I plan to support it soon.

then you can't make use of the jcr 2.0 AccessContolManager...
i would not recommend to use the pre-release interfaces that
were temporarily available in jackrabbit-api as the access
control underwent quite some changes until the final version.

> I'm not very happy with my own implementation of an AccessManager, but
> in jackrabbit 1.4 there was no solution for this. And now, I found a
> bit complex the new authorization API because is pooly documented. I
> have readed the specification but some things like the user management
> is obscure for me: how can I make use of this internal user management
> if my user info is located in an external database?

as of jackrabbit 2.0:

the user management is not part JSR 283 and is an optional
add on in jackrabbit-core. same as the principal discovery which
was by intention was not included in the specification but
left to the implementations.

if you want expose your custom user-management you need to write
your own implementation. otherwise - in case your API consumers
don't need the user management - you may simply omit the user
management (and even principal management)... what you have to
make sure is that the sessions subject is properly populated with
principals based on you user database [-> LoginModule].

the access control evaluation again depends on your needs. you
can use the functionality present with jackrabbit-core that uses
access control lists or you may provide your own logic...


> Cheers.
> On Mon, Mar 1, 2010 at 8:52 PM, Jukka Zitting <jukka.zitting@gmail.com> wrote:
>> Hi,
>> On Mon, Mar 1, 2010 at 8:19 PM, Paco Avila <monkiki@gmail.com> wrote:
>>> myNode.getPath() returns an string, and I need a Path. I need to make a call
>>> boolean isGranted(Path absPath, int permissions)
>>> from AccessManager and this requires a Path.
>> Can you not use the AccessControlManager.hasPrivileges() method [1] for this?
>> [1] http://www.day.com/maven/javax.jcr/javadocs/jcr-2.0/javax/jcr/security/AccessControlManager.html#hasPrivileges(java.lang.String,
>> javax.jcr.security.Privilege[])
>> BR,
>> Jukka Zitting

View raw message