>>the access control functionality should be enforced in
>>the repository and not in the webdav-layer on top of
>>the repository.
>
> We have numerous DB tables that collectively define a users permissions
> (only one element of security information is defined in repository nodes).
> How can the entire DB ACL information be defined in the Repository?
>
> In our web application, we read the ACL from the DB and enforce security
> when reading from or writing to the repository? How can this be done for
> webdav calls?
>
> Thanks again for you input.
> Sushil
>
>
Angela Schreiber wrote:
>
>
>>> I was wrong in saying we have access control information defined in the
>>> JCR repository. The ACL information resides in DB; we are able to use
>>> ItemFilter's -> isFilteredNodeType(Item item) method to filter out nodes
>>> as per user
>
> the access control functionality should be enforced in
> the repository and not in the webdav-layer on top of
> the repository.
>
> please make sure, you have the access control funcitionality
> in the repository reading/evaluation the information
> from your DB.
>
> what you try to do, looks like an ugly hack to me.
>
> angela
>
>
--
View this message in context:
http://www.nabble.com/webdav-control-nodes%28folders%29-to-display-tp16423305p16495046.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
