Vidar Ramdal wrote:
Does no-one really know how to achieve this? Maybe Angela Schreiber, who apparently is doing the authentication/authorization work for Jackrabbit 1.5, could give me a hint?
you cannot withdraw permissions by using session.getAccessControlManager().addAccessControlEntry since the method is defined to only grant additional permissions. nor can you grant 'no_privilege' in order to withdraw permissions. that is how it was define in the latest version of JSR 283. the jackrabbit implementation currently allows to edit a policy obtained through AccessControlManager.getPolicy and there you may add a DENY ace. but please note (think of this as a bold-red-disclaimer): as jukka already said the 283 access control is still being heavily refactored and consequently the complete security code is prone to major changes without any further notice. you will have to adjust your code later on. that's the only thing i can tell you for sure. sorry for the inconvenience. angela
