Hi, I want to know if there is any example code around JackRabbit authorization. I am looking for code that would help in understanding how to ascertain which user actions can be performed on which folders.
My problem context is as follows : 1. There are two roles - Content Uploaders and Content Approvers. 2. Every Uploader or Approver owns a 'home' folder (similar to a home directory). 3. Uploaders can view/add/delete files in their home folder and only view files in other user's folders. 4. Approvers can view/add/delete files in any folder for which they are approvers. Just like Uploaders, they can only view files in folders for which they are not approvers. 5. Sometimes Uploaders/Approvers can get 'rights' to folders owned by other uploaders/approvers and this would allow them to 'add' & 'delete' files in those folders. What is the best practice to solve this in JackRabbit ? One approach here would be to have a UserId property for every node (which is a folder). If the userId in the User object is equal to the userId property of the node, then that user is given full rights to that folder (essentially it is that user's home directory - s/he is the owner). The node could have two more properties - 'uploaderIds' & 'approverIds' - having a comma separated list of userIds, which tell the system who are the 'other' Uploaders & Approvers who can access the folder APART from the folder 'owner'. Is this a good way to go about solving the problem ? Using AccessManager, SimpleAccessManager which requires AMContext, Subject, Principal, Credentials, HeirarchyManager and knowing how to create a jaas.config sounds complicated. Regards, Sanjiv.
