Hi Felix. I tested what you told me, but I've seen it's not going to be possible only exporting org.apache.jackrabbit.core.security due to the fact that the AccessManager interface uses org.apache.jackrabbit.core.ItemId (so it will also need org.apache.jackrabbit.core exported, that by what you said I see is not an option). On the other hand I've had a look over the JSR-283 spec and the Jackrabbit 1.5 source code and it looks that it will include exactly what I need, so I think my best option is to hold on until you finish the migration. The thing is that I'm in a bit of a hurry with this part of my application, I've got my deadline quite near, so I hope you don't mind me daring to ask you how much time you estimate it will take (just to know if I can wait, or if I must implement this in some quick&dirty way and expect an upgrade in the future).
Thanks a lot for your help, and I hope you can help me out with this last doubt. Br, SebatiAn Gomez ;) On Wed, Dec 17, 2008 at 2:44 PM, Felix Meschberger <[email protected]>wrote: > Hi Sebastien, > > Sebastian Gomez schrieb: > > Hi. > > Thanks for the answers. Is there any date scheduled for the upgrade to > > Jackrabbit 1.5? ACL was what I was thinking to use, so maybe the upgrade > > resolves my problem (although I haven't been able to find much > documentation > > on ACL in 1.5 (if someone knows where I can find it I'll appreciate the > > indication). What worries me the most is that if ACL in 1.5 is not > suitable > > enough for my app, what would be the way to go? > > As Alex said, I am already working on migrating Sling's Jackrabbit > inclusion to 1.5. > > Now for documentation: There is the jackrabbit.apache.org site and there > is a Jackrabbit Wiki. If you don't find any documentation there, it is > probably best to just ask on the Jackrabbit dev or user list. > > Finally, since the Jackrabbit access control functionality is an > implementation of the JSR-283 (JCR 2.0) access control functionality, > you might find the appropriate description there. The public review > draft is available from http://www.jcp.org/en/jsr/detail?id=283 > > Hope this helps. > > Regards > Felix > > > > > On Wed, Dec 17, 2008 at 1:34 AM, Torgeir Veimo <[email protected]> > wrote: > > > >> On 17 Dec 2008, at 03:59, Rory Douglas wrote: > >> > >> As for the AccessManager, I think there are plans to upgrade Sling to > >>> Jackrabbit 1.5, so it may be more worthwhile to wait for that & use the > >>> repository-ACL-based AccessManager that comes with 1.5 rather than > >>> implementing your own. Or ping me & I can send you what I cobbled > together > >>> for ACL-based control. > >>> > >> > >> ACLs are not suitable for most web applications. They're declarative, > while > >> most interactive web applications require implicit or application > specific > >> security constraints. Sling really needs to allow custom AccessManager > >> implementations. > >> > >> > >> -- > >> Torgeir Veimo > >> [email protected] > >> > >> > >> > >> > >> > > >
