jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paco Avila <monk...@gmail.com>
Subject Re: user management
Date Wed, 03 Mar 2010 00:20:31 GMT
Actually I am working to migrated my application from 1.4 to 1.5
(almost done) and after that I will switch to 1.6. I expect a less
traumatic process from 1.5 to 1.6 than form 1.4 to 1.5 :)

As I have seen in the backwards compatiblity notes in jackrabbit 2.0
there are two potentially dangerous issues with the JSR 283 security
features:

http://issues.apache.org/jira/browse/JCR-2313
http://issues.apache.org/jira/browse/JCR-1944

So, I think better to maintain my own access manager by now.

Thank Angela.

On Tue, Mar 2, 2010 at 9:51 AM, Angela Schreiber <anchela@day.com> wrote:
> Paco Avila wrote:
>>>
>>> From jackrabbit 1.5 there is an user management feature, but Ipm not
>>
>> sure how to deal with this is I use an external user database. Do I
>> need to create an unser using the Jackrabbit API if I add a new user
>> in the external user database?
>
> as of jackrabbit 2.0 the user management can be configured
> with the security manager configuration.
> with previous versions you have to provide you own implementation
> of JackrabbitSecurityManager that exposes your user-manager implementation.
>
> in any case: the access manager and access control evaluation
> doesn't have a dependency to the user management at all.
> in jackrabbit only the DefaultLoginModule and the DefaultPrincipalProvider
> rely on the user management. that's the
> default that was convenient for us...
>
> but note: basically you don't even need to provide any user management
> at all if your LoginModule (and ev. PrincipalManager) doesn't rely on
> it and you don't need the ability to created users/groups with
> jackrabbit.
>
> hope that helps
> angela
>
>



-- 
OpenKM
http://www.openkm.com
http://www.guia-ubuntu.org

Mime
View raw message