Hello everyone, I am having a bit of trouble determining how to use the AccessManager interface to provide authorization rather than authentication. We have a Jackrabbit-external authorization service based upon certain attributes of the repository data (the path and declaring node type of the modified item as well as property values - we don't authorize to the individual property level). I can work around the access manager configuration not including a session instance (albeit a less than ideal solution). However, an issue arises when attempting to authorize removal operations. Jackrabbit appears only to invoke the access manager to check for removal permissions upon save (i.e. in the validateTransientItems method of ItemImpl). However, access to property values (or even the removed item) at this point isn't possible since the item has been removed from the session (even it's state is not very accessible as it's in the attic of the TransientItemStateManager). Has anyone else ventured down this path and come up with a clean solution? Apologies if this has been addressed in earlier discussions but a search of the archives did not yield anything.
Regards, -- Mike -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.
