On 23 Aug 2009, at 04:23, go canal wrote:
Hello,
would like to seek some advices on how to implement role based
access control.
let's say I have several thousands of files, two roles defined A and
B. users are assigned role A or B.
file access control is based on roles.
How should I implement this role based access control in Jackrabbit?
1) should I add a 'role' property in the file node? and then
implement my own access manager with isGranted() ?
you could, however you will also need to protect the role property to
make certain that only authorized users can change it.
There are a number of examples to play with, all configured by adding
entries into repository.xml
2) or should I implement a filter which filters the returned list ?
it will be hard to make this secure, as there are many ways to get a
node and it all depends on the level of access the "client" has to the
repository.
For instance, approach 1 will generate valid sets of search results
for the user in question.
2 Would require a custom filter for points at which a search was made.
HTH
Ian
thanks in advance !
canal
