On 22.11.11 11:15, "Mike Müller" <[email protected]> wrote: >We're at MySign thought about such a access control layer in Sling a few >months ago. Mainly because we do have different resource providers >without the possibility of ACLs and also because some access rules >can't be defined by ACLs (eg. access from 8.00 to 17.00 to the resource). >We do have such an access layer in our legacy framework and there >we also have the possibility to define the access rules declarative (like >ACLs) but also by somtehing like the proposed ResourceAccessController >services.
Personally I think it is much better to put such additional ACL implementations into the JCR (e.g. a custom Jackrabbit access control provider). The problem is that anytime your code is using JCR (such as for complex operations not possible through the simple resource API) your sling-based access control won't be used at all. Cheers, Alex -- Alexander Klimetschek Developer // Adobe (Day) // Berlin - Basel
