> Yes, but AccessManager is jackrabbit-dependent, no? i.e. is not part of the > spec. yes, that's true.
the only part of access control that made it into jsr-170 or (jcr v1.0) is the introspection of the permissions. not the management of permissions. this is in-line with the exclusion of all the management interfaces (nodetypes, workspaces, ...) from v1.0 of jcr. see jsr-283 (v2.0 of jcr) for further development on that, but for now you will have to resort to proprietary mechanisms of the repository. however, the access control "management" portion normally does not make for a lot of source code in most applications that i am familiar with,... in addition to that a number of repository implementation are based on jackrabbit and therefore expose the same or similar interfaces as jackrabbit, so using the jackrabbit interfaces may be a good choice in the first place. regards, david
