On 15 Dec 2009, at 22:42, Mat Lowery wrote:

> What are the differences between
> org.apache.jackrabbit.core.security.authorization.acl.ACLProvider and

IIRC, acl enforces acls expressed on content nodes, where an acl is made up of 
a map of Access Control Entries, mapped by principal name, each ACE containing 
2 arrays, one of granted privileges, one of denied privileges.

e.g. as JSON:
{
  "everyone": {"granted": ["jcr:read"]},
  "ieb": {"granted": ["jcr:read", "jcr:write"]}
}


> org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider?

AFAICT, this is not used in the default configuration of 1.6, although it looks 
like it uses the order of the principals rather than the order of the acls when 
resolving/compiling a permission at a node. Certainly the order in which the 
bit map is constructed changes the final permissions bitmap.

Ian
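
The point about evaluation order, as an added example that is not part of the original message and is not Jackrabbit code: a simplified model that compiles an allow/deny bitmap from an ACL of the shape described above, walking it once in ACL order and once in principal order. The bit values, the "denied" entry for "everyone", the function names and the first-decision-wins rule are assumptions made for illustration.

```python
import json

# Constructed bit values for illustration; not Jackrabbit's internal constants.
PRIVILEGE_BITS = {"jcr:read": 0b01, "jcr:write": 0b10}

# Constructed sample ACL (principal name -> ACE). json.loads preserves object
# order, so the key order stands in for the order of entries in the ACL.
SAMPLE_ACL = json.loads("""
{
  "everyone": {"granted": ["jcr:read"], "denied": ["jcr:write"]},
  "ieb":      {"granted": ["jcr:read", "jcr:write"]}
}
""")


def to_bits(privilege_names):
    """Fold privilege names into a bitmap; unknown names raise KeyError."""
    bits = 0
    for name in privilege_names:
        bits |= PRIVILEGE_BITS[name]
    return bits


def compile_permissions(acl, subject_principals, order="acl"):
    """Return (allow_bits, deny_bits) for a subject holding subject_principals.

    Assumed rule for this model: the first entry that mentions a privilege
    decides it, and later entries cannot change that bit.
    """
    if order == "acl":
        walk = [p for p in acl if p in subject_principals]
    elif order == "principal":
        walk = [p for p in subject_principals if p in acl]
    else:
        raise ValueError("order must be 'acl' or 'principal'")

    allow = deny = 0
    for principal in walk:
        ace = acl[principal]
        # Only bits no earlier entry has decided can be set by this entry.
        allow |= to_bits(ace.get("granted", [])) & ~(allow | deny)
        # Grants are applied first, so a bit both granted and denied in one
        # ACE ends up granted in this model.
        deny |= to_bits(ace.get("denied", [])) & ~(allow | deny)
    return allow, deny


def privilege_names(bits):
    """Turn a bitmap back into a sorted list of privilege names."""
    return sorted(n for n, b in PRIVILEGE_BITS.items() if bits & b)
```

For a subject holding the principals ["ieb", "everyone"], ACL order leaves jcr:write denied while principal order grants it, which is why the two evaluation strategies need to be compared before switching providers.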
