jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From connuser1 connuser1 <connus...@gmail.com>
Subject Re: Where are users stored in the repository?
Date Tue, 06 Nov 2012 05:44:27 GMT
Thanks Angela!

I have updated my settings per your suggestion. It seems to be working as
expected.

<SecurityManager
class="org.apache.jackrabbit.core.UserPerWorkspaceSecurityManager">
            <UserManager
class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
                <param name="usersPath" value="/home/users"/>
                <param name="groupsPath" value="/home/groups"/>
                <param name="defaultDepth" value="1"/>
                <param name="autoExpandTree" value="true"/>
                <AuthorizableAction
class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
                  <param name="groupPrivilegeNames" value="jcr:read"/>
                  <param name="userPrivilegeNames" value="jcr:all"/>
                </AuthorizableAction>
            </UserManager>

            <!--
            workspace access:
            class: FQN of class implementing the WorkspaceAccessManager
interface
            -->
            <!-- <WorkspaceAccessManager class="..."/> -->
            <!-- <param name="config" value="${rep.home}/security.xml"/> -->
        </SecurityManager>

On Mon, Oct 22, 2012 at 1:59 PM, Angela Schreiber <anchela@adobe.com> wrote:

> please don't use the configuration as specified below.
> it doesn't make sense and is a mixture between jackrabbit's
> default setup and the user-per-workspace idea that we use
> at adobe.
>
> instead you should change the config to either
> a) set SecurityManger class to UserPerWorkspaceSecurityManage**r
> b) set UserManager class to UserManagerImpl
>
> the DefaultSecurityManager expects the users to be stored
> in a dedicated extra workspace (see "workspaceName attribute
> with the security manager) and makes sure that the user
> manager is always bound to that workspace... this contradicts
> the aim of the UserPerWorkspaceUserManager.
>
> the only difference between the base class UserManagerImpl and
> it's derived variant is that the latter allows you to disable
> the 'auto-save' mode (in other other words delegating the
> responsibility of calling save to the editing session) and
> allows to retrieve the path of an authorizable. both features
> only make sense if the user manager is guaranteed to be bound
> to the editing session which is not the case with DefaultSecurityManager.
>
> kind regards
> angela
>
>
>
>
> On 10/13/12 2:38 PM, Chetan Mehrotra wrote:
>
>> You can control the location where are user are created by default
>> through UserManager config which is by default optional
>>
>>   <SecurityManager class="org.apache.jackrabbit.**
>> core.DefaultSecurityManager">
>>              <!--
>>              optional user manager configuration
>>              -->
>>              <UserManager
>> class="org.apache.jackrabbit.**core.security.user.**
>> UserPerWorkspaceUserManager">
>>                  <param name="usersPath" value="/home/users"/>
>>                  <param name="groupsPath" value="/home/groups"/>
>>                  <param name="defaultDepth" value="1"/>
>>                  <param name="autoExpandTree" value="true"/>
>>                  <AuthorizableAction
>> class="org.apache.jackrabbit.**core.security.user.action.**
>> AccessControlAction">
>>                    <param name="groupPrivilegeNames" value="jcr:read"/>
>>                    <param name="userPrivilegeNames" value="jcr:all"/>
>>                  </AuthorizableAction>
>>
>>              </UserManager>
>>
>>              <!--
>>              optional workspace access manager configuration
>>             -->
>>          </SecurityManager>
>>
>>
>> Chetan Mehrotra
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message