jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ChadDavis <chadmichaelda...@gmail.com>
Subject Security Questions
Date Thu, 23 Jun 2011 18:16:06 GMT
I'm trying to decide how to implement a simple security model around
my remotely deployed repository.  My requirements are simple.


1) I don't need external authorization of management of my JCR users.
As I understand it, I can use the user management bit provided by
Jackrabbit to store my JCR users.

2) I want to have an admin user with full rights on the whole repo, an
anonymous read only user, and a number of users for my various
application / clients with subtree specific full rights (ACL).

Right now, I'm trying to set this up with DefaultSecurityManager,
DefaultAccessManager, and the DefaultLoginModule.


1) is this an appropriate set up for my use case

2) I've somehow figured out that the DefaultLoginModule uses a couple
of default users, with anonymous and admin rights, and the ID's for
these users are configured via params to the default login module in
repository.xml.  But I can't find any documentation of this user
config, or documentation of other similar config.

3) how do you configure the passowrd for the default admin and
anonymous users?

4) can I also declare other users in the repository.xml?

View raw message