Could you implement a JcrDocumentStore which relays to an underlying JCR repository with subpath jailing for this purpose? Catching it at any other level seems to lead to complications and special cases.
On 22 September 2017 at 01:13, Bertrand Delacretaz <bdelacre...@apache.org> wrote: > Hi, > > I'm presenting next week at https://adapt.to on creating multi-tenant > HTTP request processing / rendering farms with Sling, showing a mix of > Sling-based experiments and theoretical considerations on what would > help creating such farms. > > Having chroot-style [1] user segregation at the repository level would > help: after opening a session as a member of the jail group "foo", > /jails/foo becomes my new root, blocking me from accessing anything > above that and transparently mapping my repository root to /jails/foo. > > Access control can of course help implementing this, but having the > path mapping to transparently jail the user or group in their own > subtree makes things much easier at the application level. > > Has anyone already played with something like this? > Any prototypes or experiments worth mentioning? > > -Bertrand > > [1] https://linux.die.net/man/2/chroot > -- -Tor
