[
https://issues.apache.org/jira/browse/JCR-2103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12728081#action_12728081
]
angela commented on JCR-2103:
-----------------------------
i had a look at the patch and have the following concerns:
- resolving the set principals of a user is done during login and not during
the authorization process.
i don't see why you add an extension to ACLProvider for that.
- you add quite some code to the default implementation with timestamps and
expiration evalution
that is useless in the default, that doesn't have any expiration at all.
- i don't see the relation between resolving principals of a user and
expiration of a ac-Result object.
and i somehow have the feeling that you try use that to hack around some
limitation (which most
probably didn't understand)...
- if i would want to extend the ACLProvider, i'd rather look for
> an extension point how the entries are collected this isn't addressed by
the patch.
> for the possibility to create my custom Result object
> for the ability to individually invalidate Results in a generic way instead
of defining this as
time limit... there might be other means that render an entry invalid...
(e.g. if the cache-cleaning
process was a little cleverer).
and some minor comments
- ACLTemplate.collectEntries got replace by your interface method, but code
wasn't removed.
- indention not as we use to have it in jackrabbit
- javadoc doesn't match method.
the way it is suggested i wouldn't want to extend the ACLProvider.
angela
> Make the Princpal Resolution in the acl.ACLProvider dynamic
> -----------------------------------------------------------
>
> Key: JCR-2103
> URL: https://issues.apache.org/jira/browse/JCR-2103
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 1.5.5
> Reporter: Ian Boston
> Assignee: angela
> Attachments: ExtendACLProvider.patch
>
>
> At the moment, extending the DefaultAccessManager is hard and requires full
> access to the o.a.j.core.
> This patch makes it possible to change the way in which a users set of
> Principals are resolved by providing an extension point in the ACLProvider so
> that an alternative AccessControlProvider could be delivered from
> SecurityManager.
> The patch that follows does not address the extension of the SecurityManager
> which needs to be inside o.a.j.core
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
