Hi Oli The most important rights that can be granted or denied in Clerezza are the rights on Graphs. The Content Graph is thought a the location for publicly available content, well content available to everybody that has access to the platform. Its possible to create other Graphs but currently the data stored by PUT operations or by the thumbnail generator is stored in the Content Graph.
For application code it is possible to do operations requiring more rights than the user executing it has. This is done via the doAsPrivileged method from the Subject Class. This should be done cautiously and typically only after checking for another permission. So with your problem you should consider if not granting read access to the content-graph is the right thing to do, moving data that is more sensitive to other graphs would be closer to the current architecture. If however you really want to work with a read-protected Content Graph you can write services that use doAsPriviledged and selectively return some data from the protected Graph. For Clerezza it might be an improvement to allow different Content Graphs (UnionGraphs with a different set of graphs and possibly a different primary) for different URI spaces, this would allow PUT operation in one URI space to go to a more protected graph than PUTs in another URI space, but I think this is for after the first release.... Reto On Tue, Mar 2, 2010 at 5:09 PM, Oliver Strässer <[email protected]> wrote: > Since the latest updates, I can protect the hole clerezza perfectly, by > deleting the right "reading content graph". > > > > How I can configure the anonymous user, so that the user can access > http://192.168.0.207:8080/thumbnail-service?uri=http://192.168.0.207:8080/digital-assets/3884a083-9e8b-4a8c-9c85-df615e0b08ca&height=410&width=275 > , but the system is protected anyway? > > > > > > The problem I have in another project, where I have an specific url wich the > anonymous user is allowed to request - without access to other bundle url. > > > > > > cheers > > oli > > > > > > > > --getunik ag------------------------------------------- > oliver straesser [email protected] > > hardturmstrasse 101 fon: +41 (0)44 388 55 88 > ch-8005 zuerich fax: +41 (0)44 388 55 89 > > --aktuelles getunik projekt------------------------- > > Agieren Sie lokal! Geo Marketing für Ihre E-Mail Kampagne: > www.geomarketing.com > > > > --best of swiss web awards 2009------------------ > > Gold & Silber für Connect2Earth / Bronze für WWF UK > > > > we make the web a better place - www.getunik.com > > > > > > > > > > ***************************************************************** > > P Bitte drucken Sie dieses E-Mail nur bei Bedarf aus. Die Umwelt dankt es > Ihnen. > > ***************************************************************** > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.trialox.org/mailman/listinfo/users > >
