jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: Using rescrictions in Principal based ACL
Date Tue, 31 May 2011 10:52:40 GMT
hi husain

> I am trying to use Principal based ACL but am not getting a clear idea of
> how the restrictions work.
> For example, if I want to allow a newly created user / group  to access the
> workspace, how do I do it (I have removed Everyone ACE with full read
> access)?

since the principal-based acls are not stored with the resource
you have to specify the target node's path as restriction. the
restrictions allowed/mandated by the ACL are:

----------------------------------------------------
restr.name   |             | value type
----------------------------------------------------
rep:nodePath | mandatory   | PATH
rep:glob     | optional    | STRING
----------------------------------------------------

in other words: you always have define a restriction map containing
at least a rep:nodePath + PATH-value entry when creating a new ACE.

see also JackrabbitAccessControlList#addEntry(Principal principal, 
Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions)

hope that helps.

regards
angela

Mime
View raw message