hi yusuf
I guess I found something usefull here
*JCR* 2 only defines the ability to add privileges. You need to use the
*Jackrabbit*-specific *JackrabbitAccessControlList* to add a "deny" access
control entry.
one additional hint: please note that in the default implementation
privileges granted/denied for a given user always take precedence over
those defined any group the user is member of.
in general we advise to create access control entries for groups
as this improves maintainability of the access control content.
similarly we advise to use allow/deny entries for individual users
where you really want to target that specific user and nobody else...
regards
angela
http://jackrabbit.510166.n4.nabble.com/Help-with-JCR-2-access-control-td2403697.html
thanks again Justin :)
On Sun, Jan 23, 2011 at 2:01 AM, Yusuf Aaji<[email protected]> wrote:
Hi,
I have managed to use the default* security classes with jackrabbit and
used the access policies in a good way so far.
But there is a strange behaviour I'm getting. If I grant everyone or
anonymous jcr:read on the root folder, I can't revoke that or override it on
any sub-folder no matter what the policies on that sub-folder is.
Is this ok, or am I missing something?
I mean I need Mr.anonymous to access my repo but I need to hide some
folders from him. Sorry anonymous, don't take it personal, but every
business have some confidential documents :)
any idea jackrabbit developers?!
BR,
Yusuf
