Return-Path: Delivered-To: apmail-jackrabbit-users-archive@minotaur.apache.org Received: (qmail 18144 invoked from network); 3 Mar 2010 00:21:05 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 3 Mar 2010 00:21:05 -0000 Received: (qmail 70161 invoked by uid 500); 3 Mar 2010 00:21:00 -0000 Delivered-To: apmail-jackrabbit-users-archive@jackrabbit.apache.org Received: (qmail 70087 invoked by uid 500); 3 Mar 2010 00:21:00 -0000 Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@jackrabbit.apache.org Delivered-To: mailing list users@jackrabbit.apache.org Received: (qmail 70078 invoked by uid 99); 3 Mar 2010 00:21:00 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Mar 2010 00:21:00 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of monkiki@gmail.com designates 209.85.218.220 as permitted sender) Received: from [209.85.218.220] (HELO mail-bw0-f220.google.com) (209.85.218.220) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Mar 2010 00:20:53 +0000 Received: by bwz20 with SMTP id 20so820098bwz.11 for ; Tue, 02 Mar 2010 16:20:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=DmocFB/5QdGQWvypzo5FExt7f4NmoNTzznWGFZKmaIY=; b=vjLBL4hvMFmsH8nsiUqD9UVufjC+pKVoSgKW/8naQqT7gJRgtMxHB9NRTv2BVG2//S CntOEKkjSJX1wWAMTF6Wp6mAyVV5CEx/ABNbR5wRuc/+W+izJTePuJXCMqhwQ9mde/+E kI13GTgdnnE+MZinQQX+WcFYCe+aLM9JXuK1M= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=ASHAixsnRaaS6XB0AJaIjONuVp1gCFCmby0MVry9j8ctY8R9n8WmKChzQRjPqrD9Aj TNkjnuhAJ7GRSsh9NycRvr3aFAQOLX01lBSptvrGMGqDOx0FSVyTkldFKRFfAEnkdmCg p9/pzuiSpi29rEDfhY7RqwK7M3HfTk2gTuNd0= MIME-Version: 1.0 Received: by 10.204.156.22 with SMTP id u22mr5354943bkw.24.1267575631897; Tue, 02 Mar 2010 16:20:31 -0800 (PST) In-Reply-To: <4B8CD17E.10504@day.com> References: <8f70391003010805t1c206df9wb300fa25b7999e2f@mail.gmail.com> <4B8CD17E.10504@day.com> Date: Wed, 3 Mar 2010 01:20:31 +0100 Message-ID: <8f70391003021620j454e2a40pb8a742c630400a3c@mail.gmail.com> Subject: Re: user management From: Paco Avila To: users@jackrabbit.apache.org Content-Type: text/plain; charset=ISO-8859-1 Actually I am working to migrated my application from 1.4 to 1.5 (almost done) and after that I will switch to 1.6. I expect a less traumatic process from 1.5 to 1.6 than form 1.4 to 1.5 :) As I have seen in the backwards compatiblity notes in jackrabbit 2.0 there are two potentially dangerous issues with the JSR 283 security features: http://issues.apache.org/jira/browse/JCR-2313 http://issues.apache.org/jira/browse/JCR-1944 So, I think better to maintain my own access manager by now. Thank Angela. On Tue, Mar 2, 2010 at 9:51 AM, Angela Schreiber wrote: > Paco Avila wrote: >>> >>> From jackrabbit 1.5 there is an user management feature, but Ipm not >> >> sure how to deal with this is I use an external user database. Do I >> need to create an unser using the Jackrabbit API if I add a new user >> in the external user database? > > as of jackrabbit 2.0 the user management can be configured > with the security manager configuration. > with previous versions you have to provide you own implementation > of JackrabbitSecurityManager that exposes your user-manager implementation. > > in any case: the access manager and access control evaluation > doesn't have a dependency to the user management at all. > in jackrabbit only the DefaultLoginModule and the DefaultPrincipalProvider > rely on the user management. that's the > default that was convenient for us... > > but note: basically you don't even need to provide any user management > at all if your LoginModule (and ev. PrincipalManager) doesn't rely on > it and you don't need the ability to created users/groups with > jackrabbit. > > hope that helps > angela > > -- OpenKM http://www.openkm.com http://www.guia-ubuntu.org