Hi
Unfortunately JSR 170 and 283 don't define how principals can be managed or retrieved. That's why there exists a bit of additional API with jackrabbit-api:

- org.apache.jackrabbit.api.JackrabbitSession.getPrincipalManager
- org.apache.jackrabbit.api.security.principal.PrincipalManager

So, the shortest answer would be: everything that is exposed by the PrincipalManager is a valid principal. And since the specification mandates that any access control management operation makes sure only valid principals are passed as arguments, this is the default behaviour out of the box.

However, there are cases where we found that limitation to be too strict. I don't recall if we relaxed that in Jackrabbit 2.x outside of the xml-import, but with the new implementation at Jackrabbit Oak there exists a configuration option ImportBehavior that allows to relax the validation checks for principals across all access control operations (adding principals within policies, importing the latter etc).

There exists no proper documentation for Jackrabbit 2.x, but for Oak you can find the documentation at http://jackrabbit.apache.org/oak/docs/security/overview.html

kind regards
angela

________________________________
From: kevintv <kevintv...@gmail.com>
Sent: Wednesday, November 7, 2018 9:52 PM
To: users@jackrabbit.apache.org
Subject: How to create new Principal Object

Hello,

I'm a new developer trying to tackle the Jackrabbit/JCR library. My team and I have been using the EveryonePrincipal for a couple of months now, but we've been wanting to implement more capabilities per user roles/principals so we can grant them necessary read/write access to each node. However, we're having some difficulties figuring out how to create a new Principal object.

I've been using:

    PrincipalImpl newPrincipal = new PrincipalImpl("MyPrincipal");

Then creating a new RolePrincipal class matching the EveryonePrincipal, except the name would be "MyPrincipal" inside the RolePrincipal class.

This method doesn't work unfortunately. Is there anything else we're missing from this? And how does the 'everyone' principal get stored?

--
Sent from: http://jackrabbit.510166.n4.nabble.com/Jackrabbit-Users-f510167.html
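
Added example, not part of the original thread and not code from the Jackrabbit project: one way to follow the reply's advice by resolving the principal through the PrincipalManager before using it in an access control entry, and failing closed when the name is unknown. The class name GrantToKnownPrincipal and the method grantRead are hypothetical, and it assumes the repository's principals are backed by user management, so that creating a group makes a principal of the same name available.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

public final class GrantToKnownPrincipal {

    /** Grants jcr:read on absPath to a principal the repository itself can resolve. */
    public static void grantRead(Session session, String principalName, String absPath)
            throws RepositoryException {
        JackrabbitSession js = (JackrabbitSession) session;

        // Assumption: principals are backed by user management, so creating a
        // group with this ID makes a principal of the same name resolvable.
        UserManager um = js.getUserManager();
        if (um.getAuthorizable(principalName) == null) {
            um.createGroup(principalName);
            session.save();
        }

        // Resolve through the PrincipalManager instead of instantiating a Principal class.
        PrincipalManager pm = js.getPrincipalManager();
        Principal principal = pm.getPrincipal(principalName);
        if (principal == null) {
            // Fail closed: never build an entry for a name the repository cannot resolve.
            throw new AccessControlException("Unknown principal: " + principalName);
        }

        AccessControlManager acm = session.getAccessControlManager();
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, absPath);
        if (acl == null) {
            throw new AccessControlException("No access control list available at " + absPath);
        }
        Privilege[] read = { acm.privilegeFromName(Privilege.JCR_READ) };
        acl.addAccessControlEntry(principal, read);
        acm.setPolicy(absPath, acl);
        session.save();
    }
}
```

The session passed in needs permission to manage users and to modify access control at absPath; an administrative session is the usual choice for this kind of setup code.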