Hi,

On Mon, Jan 25, 2010 at 3:24 PM, Felix Meschberger <[email protected]> wrote:
> On 25.01.2010 15:02, Jukka Zitting wrote:
>> RepositoryManager interface for which we already solved the
>> "administrator-only" access problem.
>
> Please excuse my ignorance: What RepositoryManager interface are you
> talking of. The one I find in
> org.apache.jackrabbit.api.management.RepositoryManager and its
> implementation o.a.j.core.RepositoryManagerImpl do not seem to "solve"
> this issue.

That's the one. The point about this interface is that normal client code that's given a Session or a Repository instance can never get access to the RepositoryManager instance. Only code that instantiated the Repository can use the JackrabbitRepositoryFactory.getRepositoryManager() method to get the RepositoryManager instance.

> Actually: the JackrabbitRepository.shutdown() method is also very
> dangerous and does not require any level of protection. Or am I missing
> something ?

The location shutdown() method has quite often been deemed a mistake. The plan is to deprecate the shutdown() method in favor of RepositoryManager.stop(). See http://markmail.org/message/ghfqwhivipkxakwh for the related thread from last September.

BR,

Jukka Zitting
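
A simplified model of the access design described in the message above, added here as an example and not Jackrabbit code or code from the thread. `Repo`, `Manager` and `Factory` are hypothetical stand-ins for the repository, RepositoryManager and factory roles, and the per-factory ownership check is an assumption of the model.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

// Simplified model: Repo, Manager and Factory are hypothetical, not the Jackrabbit classes.
public class ManagerAccessDemo {
    /** What ordinary client code is handed: no administrative methods at all. */
    interface Repo { String login(String user); }

    /** Administrative handle, comparable in role to RepositoryManager. */
    interface Manager { void stop(); }

    private static final class RepoImpl implements Repo {
        volatile boolean running = true;
        public String login(String user) {
            if (!running) throw new IllegalStateException("repository stopped");
            return "session:" + user;
        }
    }

    static final class Factory {
        // Identity set of the repositories this factory instance created (model assumption).
        private final Set<Repo> own = Collections.newSetFromMap(new IdentityHashMap<>());

        Repo getRepository() {
            RepoImpl r = new RepoImpl();
            own.add(r);
            return r;
        }

        Manager getRepositoryManager(Repo repo) {
            if (!own.contains(repo)) {
                throw new SecurityException("repository was not created by this factory");
            }
            RepoImpl impl = (RepoImpl) repo;
            return () -> impl.running = false;
        }
    }

    public static void main(String[] args) {
        Factory owner = new Factory();             // the code that instantiates the repository
        Repo repo = owner.getRepository();         // only this reference is passed to clients
        System.out.println(repo.login("alice"));
        try {                                      // a client cannot mint a manager via its own factory
            new Factory().getRepositoryManager(repo);
        } catch (SecurityException e) { System.out.println("client refused: " + e.getMessage()); }
        owner.getRepositoryManager(repo).stop();   // the embedding code can stop the repository
        try { repo.login("bob"); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

The protection here comes from which references a caller holds, not from a permission check on the session, which is why a `shutdown()` method placed on the repository object itself offers no comparable boundary.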
