Hi Tuhin First of all: is there a reason not to use Jackrabbit Oak? It's the successor project of Jackrabbit, which is essentially in maintenance mode. Also there is a lot more documentation about Jackrabbit Oak at http://jackrabbit.apache.org/oak/docs/index.html
Regarding your questions: - creating uses -> see Jackrabbit API -> user management - creating access control -> see JCR 2.0 API and extensions in Jackrabbit API - token login: as far as i remember that should work out of the box unless you explicitly token authentication. Regarding your code snippet: - you should pass an absolute path and not a principal to obtain the (applicable) policies - second, if no applicable policies exists, there might already have been one applied to the target node before, in which case AccessControlManager.getPolicies(String absPath) is the right call. see JCR 2.0 specification for details Hope that helps Angela ________________________________________ From: Tuhin Subhra Mandal <myid.tuhin...@gmail.com> Sent: Wednesday, June 12, 2019 7:53 AM To: users@jackrabbit.apache.org Subject: Issue with security & authorization in Jackrabbit 2.18.0 Dear Jackrabbit team I have been working on developing a Jackrabbit pass system. Now I am trying to enable the security module. My requirement is: 1. will have to create users and provide them access to different nodes on the Jackrabbit server. For example there are 2 tenants that I need to onboard, So under the root folder I may have tenant1, and tenant2 folder. 2. we need to create 2 users: t1user and t2user. 3. t1user should access only the tree that starts under tenant1, and t2user for tenant2. 4. And the login mechanism should be token based. Now I have been exploring AccessControl, https://wiki.apache.org/jackrabbit/AccessControl and few other links to create users with proper priviledges. But it does not seem to work. How do I create users with proper privileges ? How do I enable token based authentication on Jackrabbit 2.18 I did not find proper documentation to follow along. Need your kind help in solving this issue. I am attaching some code snippet from repository.xml and user creation java client. -- Regards Tuhin