On Thu, May 22, 2008 at 2:27 PM, Jukka Zitting <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> On Thu, May 22, 2008 at 2:37 PM, Vidar Ramdal <[EMAIL PROTECTED]> wrote:
> > Yes, I've read the spec draft, but the section on access control
> > policies (6.11.2) is very generic, leaving a lot to be desired by the
> > different implementations (as I suspect you know :). Although I
> > prefer writing as much as possible by the spec, the feature I need
> > (limiting child node access) is a must-have. I guess the chances of
> > that feature being included in the JSR are pretty slim?
>
> Doesn't AccessControlManager.addAccessControlEntry() cover your needs?

I don't think so, no. There doesn't seem to be a way to restrict
privileges, ref. the error I got:
http://markmail.org/message/tz3zfoddbmwgllgy (if I'm mistaken, I'd be
really happy to know).

In contrast, with PolicyTemplate.setEntry(Principal, int, boolean) I
can specify a boolean false (for DENY). This specific "negative" ACE
would deny access to a child node (AFAIK).

> It sounds like you are looking for a setup where you grant access to
> the root node, but don't want those permissions to apply to the entire
> tree so you can selectively enable access to specific child nodes or
> subtrees.

Exactly.

--
Vidar S. Ramdal <[EMAIL PROTECTED]> - http://www.idium.no
Akersgata 16, N-0158 Oslo, Norway
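
The setup discussed in this thread (a grant on the root node, a "negative" ACE on a child, and selective re-enabling of a subtree) as an added example that is not part of the original message and is not Jackrabbit code. It is a simplified stand-alone model: the class `ChildDenyModel`, the paths and the `editor` principal are hypothetical, and the "nearest entry wins, otherwise deny" evaluation rule is an assumption made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model (an assumption, not Jackrabbit's evaluator): each node path
// holds entries of principal -> allow/deny. The nearest ancestor-or-self entry
// for the principal decides; no entry anywhere on the path means no access.
public class ChildDenyModel {
    private final Map<String, Map<String, Boolean>> acl = new HashMap<>();

    // Hypothetical helper shaped like setEntry(Principal, int, boolean):
    // allow == false records a DENY entry.
    void setEntry(String path, String principal, boolean allow) {
        acl.computeIfAbsent(path, p -> new HashMap<>()).put(principal, allow);
    }

    boolean canRead(String path, String principal) {
        for (String p = path; ; p = parent(p)) {
            Map<String, Boolean> entries = acl.get(p);
            Boolean allow = entries == null ? null : entries.get(principal);
            if (allow != null) return allow;   // nearest entry wins
            if (p.equals("/")) return false;   // default deny at the root
        }
    }

    private static String parent(String path) {
        int i = path.lastIndexOf('/');
        return i <= 0 ? "/" : path.substring(0, i);
    }

    public static void main(String[] args) {
        // Grants only: the root grant reaches every descendant, so there is
        // no way to carve a child node out of it.
        ChildDenyModel grantOnly = new ChildDenyModel();
        grantOnly.setEntry("/", "editor", true);
        System.out.println("grant-only, /content/private/doc: "
                + grantOnly.canRead("/content/private/doc", "editor"));

        // Grant on root, DENY on one child, re-grant on a subtree below it.
        ChildDenyModel withDeny = new ChildDenyModel();
        withDeny.setEntry("/", "editor", true);
        withDeny.setEntry("/content/private", "editor", false);
        withDeny.setEntry("/content/private/shared", "editor", true);
        for (String path : new String[] {"/content/public/page",
                "/content/private/doc", "/content/private/shared/doc"}) {
            System.out.println("with deny, " + path + ": "
                    + withDeny.canRead(path, "editor"));
        }
    }
}
```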
