Date: Wed, 1 Sep 2010 14:46:41 -0700 (PDT)
From: aimran
To: users@jackrabbit.apache.org
Subject: Re: Help with JCR 2 access control

I tried that.
Apparently there is no way to set permissions at root level. Everyone gets read access. Also, it seems that there is no way to set a permission such as NO_ACCESS. Everybody gets read access. So, if I want to set two top level nodes, DEPT1 & DEPT2, then they both get read view of each other. Can't get them to hide from each other.

Another problem I found is that you have to create a user before you can apply the permissions. I didn't find a way to change the password. It is a common scenario for users to change their password.

There is literally no documentation on the access control feature [apart from the spec, which doesn't talk about usage] so I am forced to believe that this is an experimental feature and will take some time to become usable in real-life scenarios.

Setting access control in LDAP or RDBMS is such a piece of cake. JCR is so weird and convoluted. Ah well, back to relational database [by the time I have this figured out, I can have my app working in MySQL]...

Tip to developers: Please make it simpler such as node.setPermission(Principal p, Privileges[] priv);. What's with the 30 lines of code to get iterators, looping, creating users, casting...
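
The DEPT1/DEPT2 separation discussed in this message, written against the JCR 2.0 access control API plus Jackrabbit's JackrabbitAccessControlList extension. This is an added example, not code from the poster or from the Jackrabbit project. Assumptions: the class and method names DeptAcl, setRead and isolate are hypothetical, the session has permission to edit ACLs, both user ids already exist, and the repository uses Jackrabbit's default ACL-based provider, under which a deny entry on a node is assumed to override read access inherited from the root.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;

public final class DeptAcl {   // hypothetical helper class

    /** Adds an allow or deny entry for jcr:read at absPath; the caller saves the session. */
    static void setRead(Session admin, String absPath, Principal who, boolean allow)
            throws RepositoryException {
        AccessControlManager acm = admin.getAccessControlManager();
        Privilege[] read = { acm.privilegeFromName(Privilege.JCR_READ) };
        // Reuse the ACL already bound to the node, else take an applicable (unbound) one.
        JackrabbitAccessControlList acl = null;
        for (AccessControlPolicy p : acm.getPolicies(absPath)) {
            if (p instanceof JackrabbitAccessControlList) acl = (JackrabbitAccessControlList) p;
        }
        AccessControlPolicyIterator it = acm.getApplicablePolicies(absPath);
        while (acl == null && it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof JackrabbitAccessControlList) acl = (JackrabbitAccessControlList) p;
        }
        if (acl == null) throw new RepositoryException("no editable ACL at " + absPath);
        acl.addEntry(who, read, allow);   // Jackrabbit extension: isAllow=false adds a deny entry
        acm.setPolicy(absPath, acl);
    }

    static Principal principalOf(Session admin, String userId) throws RepositoryException {
        Authorizable a = ((JackrabbitSession) admin).getUserManager().getAuthorizable(userId);
        if (a == null) throw new RepositoryException("unknown user id: " + userId);
        return a.getPrincipal();
    }

    /** Layout from the message: /DEPT1 and /DEPT2, one (assumed) user per department. */
    static void isolate(Session admin, String user1, String user2) throws RepositoryException {
        Principal p1 = principalOf(admin, user1);
        Principal p2 = principalOf(admin, user2);
        setRead(admin, "/DEPT1", p1, true);
        setRead(admin, "/DEPT1", p2, false);   // hide DEPT1 from the DEPT2 user
        setRead(admin, "/DEPT2", p2, true);
        setRead(admin, "/DEPT2", p1, false);   // hide DEPT2 from the DEPT1 user
        admin.save();   // ACL edits stay transient until the session is saved
    }
}
```

Verifying the result from a session logged in as each department user (for example with Session.nodeExists on the other department's path) confirms whether the deny entries took effect on a given repository configuration.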