Thanks, Paco!
Paco Avila wrote:
In our application (OpenKM) we store authorization info in the same
node. Each node with auth should have this mixing:
[mix:accessControlled] mixin
- okm:authUsersRead (string) multiple mandatory
- okm:authUsersWrite (string) multiple mandatory
- okm:authRolesRead (string) multiple mandatory
- okm:authRolesWrite (string) multiple mandatory
An when the AccessManager is invoked, we use a SystemSession to get
these properties. SystemSession have access to the whole repository.
That looks straight forward. So I will have to open two different
sessions, one for authorization and one real user-session. Right now I
store the user-session in a property of a stateful EJB (is that a good
idea? I am not really sure about passivating/activating) and that would
need to be changed since I can not open two different sessions
simultaneously (or can I?).
Cheers,
Dan
