Hi Sebastien, Sebastian Gomez schrieb: > Hi. > Thanks for the answers. Is there any date scheduled for the upgrade to > Jackrabbit 1.5? ACL was what I was thinking to use, so maybe the upgrade > resolves my problem (although I haven't been able to find much documentation > on ACL in 1.5 (if someone knows where I can find it I'll appreciate the > indication). What worries me the most is that if ACL in 1.5 is not suitable > enough for my app, what would be the way to go?
As Alex said, I am already working on migrating Sling's Jackrabbit inclusion to 1.5. Now for documentation: There is the jackrabbit.apache.org site and there is a Jackrabbit Wiki. If you don't find any documentation there, it is probably best to just ask on the Jackrabbit dev or user list. Finally, since the Jackrabbit access control functionality is an implementation of the JSR-283 (JCR 2.0) access control functionality, you might find the appropriate description there. The public review draft is available from http://www.jcp.org/en/jsr/detail?id=283 Hope this helps. Regards Felix > > On Wed, Dec 17, 2008 at 1:34 AM, Torgeir Veimo <[email protected]> wrote: > >> On 17 Dec 2008, at 03:59, Rory Douglas wrote: >> >> As for the AccessManager, I think there are plans to upgrade Sling to >>> Jackrabbit 1.5, so it may be more worthwhile to wait for that & use the >>> repository-ACL-based AccessManager that comes with 1.5 rather than >>> implementing your own. Or ping me & I can send you what I cobbled together >>> for ACL-based control. >>> >> >> ACLs are not suitable for most web applications. They're declarative, while >> most interactive web applications require implicit or application specific >> security constraints. Sling really needs to allow custom AccessManager >> implementations. >> >> >> -- >> Torgeir Veimo >> [email protected] >> >> >> >> >> >
