please don't use the configuration as specified below.
it doesn't make sense and is a mixture between jackrabbit's
default setup and the user-per-workspace idea that we use
at adobe.
instead you should change the config to either
a) set SecurityManger class to UserPerWorkspaceSecurityManager
b) set UserManager class to UserManagerImpl
the DefaultSecurityManager expects the users to be stored
in a dedicated extra workspace (see "workspaceName attribute
with the security manager) and makes sure that the user
manager is always bound to that workspace... this contradicts
the aim of the UserPerWorkspaceUserManager.
the only difference between the base class UserManagerImpl and
it's derived variant is that the latter allows you to disable
the 'auto-save' mode (in other other words delegating the
responsibility of calling save to the editing session) and
allows to retrieve the path of an authorizable. both features
only make sense if the user manager is guaranteed to be bound
to the editing session which is not the case with DefaultSecurityManager.
kind regards
angela
On 10/13/12 2:38 PM, Chetan Mehrotra wrote:
You can control the location where are user are created by default
through UserManager config which is by default optional
<SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager">
<!--
optional user manager configuration
-->
<UserManager
class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
<param name="usersPath" value="/home/users"/>
<param name="groupsPath" value="/home/groups"/>
<param name="defaultDepth" value="1"/>
<param name="autoExpandTree" value="true"/>
<AuthorizableAction
class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
<param name="groupPrivilegeNames" value="jcr:read"/>
<param name="userPrivilegeNames" value="jcr:all"/>
</AuthorizableAction>
</UserManager>
<!--
optional workspace access manager configuration
-->
</SecurityManager>
Chetan Mehrotra
