hi roland
Sorry maybe i wasn't clear enough. i meant grant or deny acces to an
individual property of a node.
yes... that's what i understood.
Will this be possible in Jackrabbit 1.6 or 2.0?
that should be possible with jackrabbit 1.5.0 already.
despite the fact that it is still work in progress...
Because i just checked out the trunk for 1.6-SNAPSHOT and tried to
restrict the access but got an PathNotFoundException.
Than i realized ACL's could only be assigned to nodes, but how do i
build a correct ACL which i can assign to the node?
am i missing something?
ACLs can only be assigned to Nodes. Similarly a Session
holds a set of Privileges on a given Node (and never on
a Property). this is defined by the JSR 283 access control.
however, you still may have finer grained permissions
even for individual properties or nodes:
quote from the specification:
"
In repositories that do support access control management, the
permissions encompass the restrictions imposed by privileges, but also
include any additional policy-internal refinements with effects too
fine-grained to be exposed through privilege discovery. A common cases
may be to provide finer-grained access restrictions to individual
properties or child nodes of the node to which the policy applies.
"
for this purpose jackrabbit defines refined ACL/ACE
interfaces that allow to pass additional restrictions
when creating an ACE. which restrictions are understood
and/or respected is left to the implementation.
you may take a look at
http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplate.java
it is still sort of a draft but you will get the idea.
hope that helps
angela
