Actually I am working to migrated my application from 1.4 to 1.5 (almost done) and after that I will switch to 1.6. I expect a less traumatic process from 1.5 to 1.6 than form 1.4 to 1.5 :)
As I have seen in the backwards compatiblity notes in jackrabbit 2.0 there are two potentially dangerous issues with the JSR 283 security features: http://issues.apache.org/jira/browse/JCR-2313 http://issues.apache.org/jira/browse/JCR-1944 So, I think better to maintain my own access manager by now. Thank Angela. On Tue, Mar 2, 2010 at 9:51 AM, Angela Schreiber <[email protected]> wrote: > Paco Avila wrote: >>> >>> From jackrabbit 1.5 there is an user management feature, but Ipm not >> >> sure how to deal with this is I use an external user database. Do I >> need to create an unser using the Jackrabbit API if I add a new user >> in the external user database? > > as of jackrabbit 2.0 the user management can be configured > with the security manager configuration. > with previous versions you have to provide you own implementation > of JackrabbitSecurityManager that exposes your user-manager implementation. > > in any case: the access manager and access control evaluation > doesn't have a dependency to the user management at all. > in jackrabbit only the DefaultLoginModule and the DefaultPrincipalProvider > rely on the user management. that's the > default that was convenient for us... > > but note: basically you don't even need to provide any user management > at all if your LoginModule (and ev. PrincipalManager) doesn't rely on > it and you don't need the ability to created users/groups with > jackrabbit. > > hope that helps > angela > > -- OpenKM http://www.openkm.com http://www.guia-ubuntu.org
