I am using 1.5.5 of Jackrabbit On Fri, Jul 10, 2009 at 3:06 PM, Alexander Klimetschek <[email protected]>wrote:
> On Fri, Jul 10, 2009 at 7:46 AM, aasoj j<[email protected]> wrote: > > Hi, > > > > Please pardon me if I have missed something very basic and hence getting > > into the following situation. > > > > I have created a system workspace to keep system information > > systemSession = repository.login(new SimpleCredentials(name, password), > > "SystemData"). > > > > Then I added a node using session.getRootNode().addNode("node", type). > > The intent is to hide data in node. > > > > Later when I read child nodes in the default session using > > repository.login(new SimpleCredentials(name, > > password)).getRootNode().getNodes() > > > > I am able to see the node in SystemData workspace. Similarly i am able to > > see nodes created in default workspace using systemSession. > > > > I thought through the Session object the client can access any node or > > property in that tree of the workspace to which the Session is tied. Am I > > missing something. Is it possible to block this? > > I guess you are using a pre-1.5 version of Jackrabbit: there the > access management was simple, where only between "admin", "anonymous" > and normal users was differentiated by their user id - passwords were > ignored. That's the SimpleAccessManager and SimpleLoginModule in the > repository.xml. > > Starting with 1.5 the access management was improved, to work towards > the access control that will be part in the upcoming JCR 2.0 spec. > > A starting point is currently the mailing list only: > http://markmail.org/message/o46lyg6emctxlocg > > Regards, > Alex > > -- > Alexander Klimetschek > [email protected] >
