Hi, On Dec 13, 2007 9:22 PM, qcfireball <[EMAIL PROTECTED]> wrote: > It looks to me so far that Jackrabbit has no "native" Authorization provided > with it. I have looked at the source quite a bit the last couple days, and > there does not seem to be anything of this sort. Is this true?
Yes, currently we only ship a very rudimentary authorization mechanism that basically just distinguishes between read-only access for a specific "anonymous" account, and read-write access to everyone else. > Are people implementing this themselves using the AccessManager interface? > Are they using JeCARS to implement repository Authorization, or some other > pre-built product? Yes, there are a few threads (mostly on dev@) about implementing custom AccessManagers. This is currently the recommended way of implementing authorization policies in Jackrabbit. Note that Day Software is currently contributing a rather comprehensive ACL-based authorization component (see https://issues.apache.org/jira/browse/JCR-1171), but this feature will unfortunately not make it in the Jackrabbit 1.4 release. And if there are other generic AccessManagers out there, I'd certainly be interested in including also them in the Jackrabbit core. BR, Jukka Zitting
