hi
We use jackrabbit in a web-app (tomcat, seam, JSF) environnent and the authentication on the site is already done with a LDAP module. We don't want to double-check the user identity with JCR but we do want custom right access to nodes for each users (groups actually).
there is no direct need to store the users in JCR. second the user management API defined in jackrabbit is not used to evaluate permissions. what you have to make sure though: a) provide and configure a (an additional) PrincipalProvider -> PrincipalManager will use those b) make sure your login module populates that Subject with principals known to the provider and thus later on to the ac-evaluation. hope that helps and also answers the question later on your original mail. regards angela
The goal for us is to log into the repository with a user whithout identity check : a loginModule that always return true for exemple and set custom rights for the session using ACL. I tried different things as follows : - Using DefaultLoginModule, DefaultAccessManager : the probleme here is that jackrabbit doesn't know the user and we don't want to add every user in the LDAP to the JCR tree. - Using SimpleLoginModule and SimpleAccessmanager : here the user is successfully loged in but apparently it's impossible to use ACL with SimpleAccessManager... - I tried to implement my custom AccessManager and loginModule but i'm a bit lost The only result I have is to successfully log in and access the repository but I can't add/set any right to the User (AccessDenied when changing rights). Is it possible to open a session with admin user, and set the rights for a unknown user, loged-in in another session ? or add an unknown Principal to the subject the admin principal is using ? What is the best solution for the this purpose ? Thanks for your help -- View this message in context: http://jackrabbit.510166.n4.nabble.com/User-and-Rights-management-tp4574664p4574664.html Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
