Thanks for the clarification.
What I am doing now is extend AbstractAccessControlManager and implement
AccessManager.
I still use the same config in repository.xml:
<AccessManager
class="org.apache.jackrabbit.core.security.simple.AnotherAccessManager">
<!-- <param name="config" value="${rep.home}/access.xml"/> -->
</AccessManager>
And I can now access ItemId. I will let you know how I get along. My aim
eventually is to be able to see item info (be it a file or a folder) and
attached metadata (properties, file properties, user-defined properties...)
I will post here my results for future reference.
David.
On Thu, Feb 25, 2010 at 6:50 PM, Mat Lowery <[email protected]> wrote:
> All comments result from my experiences with Jackrabbit 1.6. Version 1.6
> is a weird beast because it contains a full JCR 1.0 implementation with some
> JCR 2.0 implementation too. (But the JCR 2.0 implementation isn't against
> the standard JCR 2.0 interfaces.) So AccessControlManager (a JCR 2.0
> interface) exists in Jackrabbit 1.6 but it doesn't implement the standard
> interface.
>
> There is no JCR API for configuring access control logic. Jackrabbit's
> SimpleAccessManager doesn't care about the "target of the user's request."
> Instead, I recommend turning on DefaultAccessManager and putting your
> breakpoint at
> org.apache.jackrabbit.core.security.authorization.acl.ACLProvider$AbstractCompiledPermissions#buildResult(Path).
> The Path object is the "target of the user's request." This is where ACL
> decisions are made with this manager.
>
> AccessControlManager is the JCR 2.0 method of getting and setting the
> policy for a given path. The only policies that I have used are
> javax.jcr.security.AccessControlList. This is a traditional ACL.
>
>
> On Thu, 2010-02-25 at 17:31 +0100, David Brossard wrote:
>
> Hi folks,
>
> I am new to this list and to Jackrabbit. My interest lies mainly in JCR
> rather than Jackrabbit per se...
>
> I downloaded and started running Jackrabbit on top of my own webapp. Very
> smooth beginning, no probs. I wanted to play around with security so I:
>
> (a) had a look at repository.xml
> (b) edited <AccessManager class=" to point to a class I wrote and that is
> an exact copy of
> org.apache.jackrabbit.core.security.simple.SimpleAccessManager
> (c) started looking at the session and the context objects
>
> From what I can see I can find the subject object which lets me know who
> authenticated. I can also retrieve the userid from the session...
>
> But I would now like to know what node the user is trying to access. If I
> want some smart access control, it should take into account the target of
> the user's request. I couldn't find anything like that.
>
> In addition, what is the AccessControlManager and what policies is it
> referring to?
>
> Cheers,
> David.
>
>
>
--
---
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://delicious.com/foggybottom
---
Stay safe on the Internet: http://www.ic3.gov/preventiontips.aspx
Prenez vos précautions sur Internet:
http://www.securite-informatique.gouv.fr/gp_rubrique34.html
