jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anuj Kumar <anujs...@gmail.com>
Subject Access Control Management with JCR
Date Tue, 16 Aug 2011 16:26:34 GMT
Hello Everyone,

I am trying to understand the access management with JCR, using an example
of Blog posts. I am using espblog example of Apache Sling and trying to work
with the permissions on different blog posts. I am trying to create some
content in such a way that it is accessible to only a certain group of
users. Also, there are posts that are public and private.

It is my first attempt with Jackrabbit and Sling, so, please let me know
what works and what does not. That would be of great help. Here are the

Suppose, I have a repository structure as-

-- myapp
    --- blogs
        --- private
        --- public
        --- shared

As, the folder name suggest, I am trying to organize the content depending
on the required security, i.e.
1. If a user wants to publish the blog for everyone, the content is posted
to /myapp/blogs/public/*
2. If a user wants to keep some articles private, it is posted to
3. If a user wants to publish the blog for a limited group of people, the
content is posted to /myapp/blogs/shared/* with appropriate permissions.

Depending on the scenario-

1. The 'private' folder disallows any anonymous access and each content is
accessible only to the author. (All Permissions for the author)
2. The 'public' folder allows everyone, including anonymous (Read, Write)
3. The 'shared' folder has the policies set per content, depending on the
author (Read, Write, Read Permission, Write Permission only to the author or
participating entities)

For this scenario, my questions are-

1. Does it makes sense to have this kind of access policies?
Are there better ways to do so?
2. When I assign the permission to folders- private, public and shared, how
does it effect the permission for parent folders- myapp and blogs?
3. Isn't 'write' permission enough for adding new content nodes to the
existing node on which the 'write' permission is given? I tried assigning
the read, write permissions to a group of blog users on 'private' folder but
it didn't work. The write permission allows you to create child nodes as
well but still I am getting access denied exception. Moreover, if I assign
all the permissions on 'private' node it works, but that includes the read,
write access to permissions as well.

Thanks for your help.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message