jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ChadDavis <chadmichaelda...@gmail.com>
Subject Security Questions
Date Thu, 23 Jun 2011 18:16:06 GMT
I'm trying to decide how to implement a simple security model around
my remotely deployed repository.  My requirements are simple.

REQUIREMENTS

1) I don't need external authorization of management of my JCR users.
As I understand it, I can use the user management bit provided by
Jackrabbit to store my JCR users.

2) I want to have an admin user with full rights on the whole repo, an
anonymous read only user, and a number of users for my various
application / clients with subtree specific full rights (ACL).

Right now, I'm trying to set this up with DefaultSecurityManager,
DefaultAccessManager, and the DefaultLoginModule.

QUESTIONS:

1) is this an appropriate set up for my use case

2) I've somehow figured out that the DefaultLoginModule uses a couple
of default users, with anonymous and admin rights, and the ID's for
these users are configured via params to the default login module in
repository.xml.  But I can't find any documentation of this user
config, or documentation of other similar config.

3) how do you configure the passowrd for the default admin and
anonymous users?

4) can I also declare other users in the repository.xml?

Mime
View raw message