It should only be hardcoded in MacroPropertyUpdater. If you look at NamespaceAccessTokenImpl you'll notice it first tries to instantiate the class named in the "acl_semantics" parameter. You can copy this logic to MacroPropertyUpdater to make them equivalent (this will probably be done in 2.1.1) or you can look at the code in HEAD for the more flexible implementation that will be part of 2.2.
-James On Wed, 2004-12-22 at 19:39 -0800, Gao Jun wrote: > James, > > Thanks for the reply. I like the idea of working on the ACLSecurityImpl layer. > However, I found instantiating of this impl class is hard coded in several > classes, like > > org.apache.slide.macro.MacroPropertyUpdater.getContentHelper() > ... > Security security = new ACLSecurityImpl(event.getNamespace(), > event.getNamespace().getConfig()) > ... > > > org.apache.slide.common.NamespaceAccessTokenImpl constructor > ... > securityHelper = new ACLSecurityImpl(namespace, namespace.getConfig()) > ... > > > I am not sure how many other places have this kind of hardcoding. So for now, > we > have to change all those places to make our own SecurityImpl class work, > right? > Thanks. > > regards, > > Jun > > James Mason <[EMAIL PROTECTED]> wrote: > You can also provide your Security implementation. ACLSecurityImpl is > extendable (or will be shortly) so it is a good place to start. You can > override hasPermission() to give certain users complete access to the > system. > > Coming in 2.2 is an easy way to provide your own implementations of > Content, Structure, Lock and Macro as well. This will let you insert > custom permission checking logic (instead of just canRead, canWrite, > etc) into the content manipulation process. > > -James > > On Mon, 2004-12-20 at 14:21 -0600, Tauzell, Dave wrote: > > We created our own Store objects. We basically copied the JDBC* classes > > and just added in our own security checks. This isn't very elegant but > > it works and allows tight integration with our existing security system. > > > > -Dave > > > > -----Original Message----- > > From: Chris O'Connell [mailto:[EMAIL PROTECTED] > > Sent: Monday, December 20, 2004 2:05 PM > > To: Slide Users Mailing List > > Subject: RE: Using external privilege control > > > > > > Gao, > > > > The simple solution we are using to this problem is to just turn off the > > Slide authentication. Just comment out all the stuff in the web.xml > > that has your container checking for user info. Slide will consider the > > user to be 'unauthenticated'. If you set up your Slide permissions so > > that 'unauthenticated' user can perform reads and writes (actually, I > > don't think you need to do anything to make this happen) you will be > > good to go. > > > > We are toying with the idea of setting a userID as the 'comment' > > property (for example) so that we know which user did what to each item > > in the store. > > > > Note, if you do this, your store is wide open. We are going to use IP > > filtering so that we will only accept requests to the Slide application > > from our own data center. Depending on the contents you are storing, > > this may not be good enough for you. We are storing images and .wav > > files, so it isn't such a big deal. > > > > Chris > > > > -----Original Message----- > > From: Gao Jun [mailto:[EMAIL PROTECTED] > > Sent: Monday, December 20, 2004 12:33 AM > > To: slide-user@jakarta.apache.org > > Subject: Using external privilege control > > > > > > Hi, > > > > We are using Slide in our application, as the content management module. > > Now we are trying to achieve integration of privilege management > > between Slide and our system's other parts: Our system has its own > > privilge and role management module. > > > > We want to do this, if a user > > is having some privilege in our system, like "MANAGE_DOCUMENT", then we > > will allow this user to be able to access (read and write) any documents > > in slide, without checking his/her privilege in Slide. > > > > I'd like to get some suggestion from all of you. What's the best > > stratege to do this? What part of code in Slide should be modified to > > achieve this? > > > > Thanks a lot. > > > > regards, > > > > Jun > > > > > > --------------------------------- > > Do you Yahoo!? > > All your favorites on one personal page - Try My Yahoo! > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------- > Do you Yahoo!? > Yahoo! Mail - Find what you need with new enhanced search. Learn more. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
