On Wed, Jan 15, 2014 at 8:37 AM, Carsten Ziegeler <[email protected]> wrote: > ...What about defining a registration property for this service, something > like "context"? By default this is "provider" and the service is applied to > the providers indicating they need additional access control. And if its > set to "application", the checks are applied on top at a higher level?...
Sounds pretty good to me. When ResourceAccessSecurity was introduced a number of us mentioned that we don't want people to mix it with JCR access control to avoid mixing up security concerns. With your suggestion, this translates to "you should not use ResourceAccessSecurity with context=ResourceProvider if using a JCR repository that provides access control" which is pretty clear. (BTW I suggest using context=ResourceProvider instead of context=provider) -Bertrand
