You can also provide your Security implementation. ACLSecurityImpl is extendable (or will be shortly) so it is a good place to start. You can override hasPermission() to give certain users complete access to the system.
Coming in 2.2 is an easy way to provide your own implementations of Content, Structure, Lock and Macro as well. This will let you insert custom permission checking logic (instead of just canRead, canWrite, etc) into the content manipulation process. -James On Mon, 2004-12-20 at 14:21 -0600, Tauzell, Dave wrote: > We created our own Store objects. We basically copied the JDBC* classes > and just added in our own security checks. This isn't very elegant but > it works and allows tight integration with our existing security system. > > -Dave > > -----Original Message----- > From: Chris O'Connell [mailto:[EMAIL PROTECTED] > Sent: Monday, December 20, 2004 2:05 PM > To: Slide Users Mailing List > Subject: RE: Using external privilege control > > > Gao, > > The simple solution we are using to this problem is to just turn off the > Slide authentication. Just comment out all the stuff in the web.xml > that has your container checking for user info. Slide will consider the > user to be 'unauthenticated'. If you set up your Slide permissions so > that 'unauthenticated' user can perform reads and writes (actually, I > don't think you need to do anything to make this happen) you will be > good to go. > > We are toying with the idea of setting a userID as the 'comment' > property (for example) so that we know which user did what to each item > in the store. > > Note, if you do this, your store is wide open. We are going to use IP > filtering so that we will only accept requests to the Slide application > from our own data center. Depending on the contents you are storing, > this may not be good enough for you. We are storing images and .wav > files, so it isn't such a big deal. > > Chris > > -----Original Message----- > From: Gao Jun [mailto:[EMAIL PROTECTED] > Sent: Monday, December 20, 2004 12:33 AM > To: slide-user@jakarta.apache.org > Subject: Using external privilege control > > > Hi, > > We are using Slide in our application, as the content management module. > Now we are trying to achieve integration of privilege management > between Slide and our system's other parts: Our system has its own > privilge and role management module. > > We want to do this, if a user > is having some privilege in our system, like "MANAGE_DOCUMENT", then we > will allow this user to be able to access (read and write) any documents > in slide, without checking his/her privilege in Slide. > > I'd like to get some suggestion from all of you. What's the best > stratege to do this? What part of code in Slide should be modified to > achieve this? > > Thanks a lot. > > regards, > > Jun > > > --------------------------------- > Do you Yahoo!? > All your favorites on one personal page - Try My Yahoo! > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
