El dom, 02-09-2007 a las 16:15 +0200, Daniel BrŸuen escribió: > Hi! > > After searching this list and studying documentation I have not found a > simple way of doing group-based authorization in jackrabbit. > If I got it correctly I would need either another tree in the repository > storing access permissions or some in-memory chunk of data, because the > AccessManager does not allow accessing the node in question (which -in > some respect- makes sense). On the other hand there seems almost no > alternative to this approach. > > After all, this is very unsatisfying! I simply want unix-style > permissions on my nodes. > I was already thinking about storing permissions in properties and > handle the access outside of JAAS and JCR in my EJB... which is not > really good style. >
In our application (OpenKM) we store authorization info in the same node. Each node with auth should have this mixing: [mix:accessControlled] mixin - okm:authUsersRead (string) multiple mandatory - okm:authUsersWrite (string) multiple mandatory - okm:authRolesRead (string) multiple mandatory - okm:authRolesWrite (string) multiple mandatory An when the AccessManager is invoked, we use a SystemSession to get these properties. SystemSession have access to the whole repository. -- Paco Avila <[EMAIL PROTECTED]>
