jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: Where are users stored in the repository?
Date Mon, 22 Oct 2012 08:29:57 GMT
please don't use the configuration as specified below.
it doesn't make sense and is a mixture between jackrabbit's
default setup and the user-per-workspace idea that we use
at adobe.

instead you should change the config to either
a) set SecurityManger class to UserPerWorkspaceSecurityManager
b) set UserManager class to UserManagerImpl

the DefaultSecurityManager expects the users to be stored
in a dedicated extra workspace (see "workspaceName attribute
with the security manager) and makes sure that the user
manager is always bound to that workspace... this contradicts
the aim of the UserPerWorkspaceUserManager.

the only difference between the base class UserManagerImpl and
it's derived variant is that the latter allows you to disable
the 'auto-save' mode (in other other words delegating the
responsibility of calling save to the editing session) and
allows to retrieve the path of an authorizable. both features
only make sense if the user manager is guaranteed to be bound
to the editing session which is not the case with DefaultSecurityManager.

kind regards

On 10/13/12 2:38 PM, Chetan Mehrotra wrote:
> You can control the location where are user are created by default
> through UserManager config which is by default optional
>   <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager">
>              <!--
>              optional user manager configuration
>              -->
>              <UserManager
> class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
>                  <param name="usersPath" value="/home/users"/>
>                  <param name="groupsPath" value="/home/groups"/>
>                  <param name="defaultDepth" value="1"/>
>                  <param name="autoExpandTree" value="true"/>
>                  <AuthorizableAction
> class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
>                    <param name="groupPrivilegeNames" value="jcr:read"/>
>                    <param name="userPrivilegeNames" value="jcr:all"/>
>                  </AuthorizableAction>
>              </UserManager>
>              <!--
>              optional workspace access manager configuration
>             -->
>          </SecurityManager>
> Chetan Mehrotra

View raw message