Hi!

We are using WebDAV (exclusively) to access our Jackrabbit repository and my current task is to add ACL support to the server. As there doesn't seem to be support for WebDAV ACLs in Jackrabbit at this point, I have begun to implement a simplified version that meets our demands (see #1 below). While working on this implementation, I came across some classes and mailing list entries which suggest that Jackrabbit actually does support some sort of ACL and principal management (#2). I currently don't quite see how to finish a working solution for our requirements with either option though.

Our repository will most likely depend on an LDAP directory to provide the available principals (users and groups). I have written a simple layer to query principals from a configurable LDAP directory, so this layer should be used to authenticate users. ACLs should be available on each file or directory node to control permissions on a per-user/per-node basis. We have a graphical client (modelled after typical file browsers) for comfortably accessing the repository, which should also allow users to modify ACLs by querying principals and editing the ACLs. Currently, the client gets the LDAP configuration through the DAV server and then directly accesses the LDAP server for user queries.

These are my two current options:

#1) This is the solution I have been working on so far. I use sub nodes to store ACLs and a custom property handler to transfer ACLs between the WebDAV server and clients as XML, roughly similar to the properties described in the WebDAV ACL RFC. I'm stuck, though, implementing a matching AccessManager. To verify if a principal has certain privileges on a resource, I have to access that resource's ACL on the server side (within the AccessManager), i.e. I have to read the sub nodes of the requested node. I assume I have to do that through a different context than the one belonging to the principal in question, as trying to access the ACL through that context obviously leads to endless recursions (when the AccessManager is implicitly invoked to verify the access rights on the ACL nodes). Is there a way to get "direct" access (without going through a context) to nodes on the server side, or can I somehow construct a "superuser context" to read these nodes?

#2) While looking for a way to solve #1, I discovered that, apparently, Jackrabbit does already support ACLs now (when actively looking for it before attempting #1, all I could find were client-side WebDAV ACL methods which the server couldn't handle), including principal management. I have, however, failed to find any useful documentation or guide on how to use these classes. Is there a howto or something describing if and how I can use these classes to efficiently read my principals from a large LDAP directory, set and query ACLs through WebDAV and verify these permissions on the server side?

Thanks,
Marian.
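
Added example, not part of the original post and not Jackrabbit code: a self-contained in-memory Java model of the design in option #1. The access check reads ACL sub nodes through an unchecked server-side path, so it never re-enters itself, while user sessions still need the read-acl privilege to see an ACL. All class, method and principal names are hypothetical, and treating a missing ACL as deny is an assumption.

```java
import java.util.*;

// Toy model of the design in the post. Every name here is hypothetical;
// none of this is Jackrabbit API.
public class AclCheckDemo {
    // Backing store: ACL sub node path -> (principal -> granted privileges).
    static final Map<String, Map<String, Set<String>>> STORE = new HashMap<>();

    // Unchecked read, standing in for a privileged server-side session.
    // It never calls isGranted(), so the access check cannot re-enter itself.
    static Map<String, Set<String>> readAclUnchecked(String nodePath) {
        return STORE.get(nodePath + "/acl");
    }

    // Access decision for a user's principals (user name plus group names).
    static boolean isGranted(Set<String> principals, String path, String privilege) {
        String owner = path;
        if (path.endsWith("/acl")) {
            // The ACL sub node is governed by its owner's ACL, using the
            // read-acl / write-acl privileges named in the WebDAV ACL RFC.
            owner = path.substring(0, path.length() - "/acl".length());
            privilege = privilege.equals("read") ? "read-acl" : "write-acl";
        }
        Map<String, Set<String>> acl = readAclUnchecked(owner);
        if (acl == null) return false; // assumption: no ACL means deny
        for (String who : principals)
            if (acl.getOrDefault(who, Set.of()).contains(privilege)) return true;
        return false;
    }

    // Checked read, as an ordinary user session would perform it.
    static Map<String, Set<String>> readAclAs(Set<String> principals, String nodePath) {
        if (!isGranted(principals, nodePath + "/acl", "read"))
            throw new SecurityException("access denied: " + nodePath + "/acl");
        return readAclUnchecked(nodePath);
    }

    public static void main(String[] args) {
        // Constructed sample data: one node whose ACL has two entries.
        STORE.put("/docs/report/acl", Map.of(
            "alice", Set.of("read", "write", "read-acl", "write-acl"),
            "staff", Set.of("read")));
        Set<String> owner = Set.of("alice");
        Set<String> member = Set.of("bob", "staff");
        System.out.println(isGranted(member, "/docs/report", "read"));
        System.out.println(isGranted(member, "/docs/report", "write"));
        System.out.println(readAclAs(owner, "/docs/report").keySet());
        try { readAclAs(member, "/docs/report"); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The unchecked reader is the only code that bypasses the decision function, so it should stay private to the access manager and never be reachable from a request handler.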
