Hello friends. Now I am investigating your security approach connected to Nuxeo-Remote framework. I found, that interaction with remote Nuxeo server starts with calling an Framework.login(username, userpassword). What is confusing me - it's an static methods. After I had login in I can create sessions by CoreInstance.getInstance().open(repository, null). It's another static method.
Its means that I can't create sessions for several users in one time. In my test integration application I create next approach: 1) When my web-app is starting - I init Nuxeo-Remoting (Framework,..) and do login as Administrator. 2) I add and delete documents 3) When I shoot down application - I do logout. But in this way - I interact with Nuxeo only under Administrator user. How will I have to change it, to allow permission management on Nuxeo side? For example: 1) I add login page into my application 2) When app is starting - I init Nuxeo-remote 3) When I need to add or delete document - I do Framework.login (using current user credentials), getSession, logout (all in synchronize section). Is it right way? If yes - is it good for performance? Can I create an holder, that can holds session factory each loggined user to avoid login/logout actions on each remote call and multi threading killing? Alexander _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm
