I don't know too much about Spring Security, but it looks like it'd be fairly involved. Jackrabbit implements security based on specs provided in JSR-283/JCR2 [1]. To me it looks like if you want to utilize Spring security, you'll have to swap out their implementations [2]with a ss based one. That could be a fairly large effort.
Jackrabbit can authenticate via JAAS, so you may be able to use that. A session is required in order to access the content of the repository. You log in with credentials (unless "anonymous"), and access control is implemented based on the credentials of your session. [1] http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html [2] http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/ -- View this message in context: http://jackrabbit.510166.n4.nabble.com/Need-to-understand-sessions-tp4334178p4345446.html Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
