I'm trying to decide how to implement a simple security model around my remotely deployed repository. My requirements are simple.
REQUIREMENTS
1) I don't need external authorization of management of my JCR users. As I understand it, I can use the user management bit provided by Jackrabbit to store my JCR users.
2) I want to have an admin user with full rights on the whole repo, an anonymous read-only user, and a number of users for my various application / clients with subtree-specific full rights (ACL).

Right now, I'm trying to set this up with DefaultSecurityManager, DefaultAccessManager, and the DefaultLoginModule.

QUESTIONS:
1) Is this an appropriate setup for my use case?
2) I've somehow figured out that the DefaultLoginModule uses a couple of default users, with anonymous and admin rights, and the IDs for these users are configured via params to the default login module in repository.xml. But I can't find any documentation of this user config, or documentation of other similar config.
3) How do you configure the password for the default admin and anonymous users?
4) Can I also declare other users in the repository.xml?
