jackrabbit-users mailing list archives

From Angela Schreiber <anch...@adobe.com>
Subject Re: hiding some sub-folders from mr.anonymous
Date Tue, 25 Jan 2011 20:50:33 GMT
hi yusuf

> I guess I found something useful here
> *JCR* 2 only defines the ability to add privileges. You need to use the
> *Jackrabbit*-specific *JackrabbitAccessControlList* to add a "deny" access
> control entry.

one additional hint: please note that in the default implementation
privileges granted/denied for a given user always take precedence over
those defined for any group the user is a member of.

in general we advise to create access control entries for groups
as this improves maintainability of the access control content.
similarly we advise to use allow/deny entries for individual users
where you really want to target that specific user and nobody else...


> http://jackrabbit.510166.n4.nabble.com/Help-with-JCR-2-access-control-td2403697.html
> thanks again Justin :)
> On Sun, Jan 23, 2011 at 2:01 AM, Yusuf Aaji<yusuf.aaji@gmail.com>  wrote:
>> Hi,
>> I have managed to use the default* security classes with jackrabbit and
>> used the access policies in a good way so far.
>> But there is a strange behaviour I'm getting. If I grant everyone or
>> anonymous jcr:read on the root folder, I can't revoke that or override it on
>> any sub-folder no matter what the policies on that sub-folder are.
>> Is this ok, or am I missing something?
>> I mean I need Mr.anonymous to access my repo but I need to hide some
>> folders from him. Sorry anonymous, don't take it personal, but every
>> business has some confidential documents :)
>> any idea jackrabbit developers?!
>> BR,
>> Yusuf
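
Added example (not part of the original message, and not the Jackrabbit project's own code): one way to add the "deny" entry discussed in this thread through JackrabbitAccessControlList, targeting the anonymous user principal so that, per the hint above, it takes precedence over group entries in the default implementation. Assumptions: a TransientRepository with the default configuration, the default admin/admin credentials, the default principal name "anonymous", and a hypothetical node /confidential.

```java
import java.security.Principal;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.core.TransientRepository;

public class DenyAnonymousRead {
    // Adds a deny entry for jcr:read on absPath for the named principal.
    static void denyRead(Session admin, String absPath, String principalName)
            throws RepositoryException {
        AccessControlManager acm = admin.getAccessControlManager();
        Principal principal = ((JackrabbitSession) admin)
                .getPrincipalManager().getPrincipal(principalName);
        if (principal == null) throw new RepositoryException("unknown principal: " + principalName);
        // Reuse the ACL already bound to the node, otherwise take an applicable (new) one.
        JackrabbitAccessControlList acl = null;
        for (AccessControlPolicy p : acm.getPolicies(absPath)) {
            if (p instanceof JackrabbitAccessControlList) acl = (JackrabbitAccessControlList) p;
        }
        AccessControlPolicyIterator it = acm.getApplicablePolicies(absPath);
        while (acl == null && it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof JackrabbitAccessControlList) acl = (JackrabbitAccessControlList) p;
        }
        if (acl == null) throw new RepositoryException("no ACL available at " + absPath);
        Privilege[] read = { acm.privilegeFromName(Privilege.JCR_READ) };
        // isAllow = false makes this a deny entry; the plain JCR 2 API can only grant.
        acl.addEntry(principal, read, false);
        acm.setPolicy(absPath, acl);
        admin.save();
    }

    public static void main(String[] args) throws Exception {
        // Assumed setup: default repository config, default admin credentials, hypothetical path.
        Repository repo = new TransientRepository();
        Session admin = repo.login(new SimpleCredentials("admin", "admin".toCharArray()));
        try {
            if (!admin.nodeExists("/confidential")) admin.getRootNode().addNode("confidential");
            admin.save();
            denyRead(admin, "/confidential", "anonymous");
        } finally { admin.logout(); }
    }
}
```

To confirm the result, log in with an anonymous session and check that `nodeExists("/confidential")` returns false while other nodes the session was granted read access to remain visible.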
