You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by Eric Norman <er...@gmail.com> on 2009/03/02 17:18:17 UTC

Re: Re: How can I realize authentication in sling?

Hi yanjie,

For my own project, I've implemented some custom sling POST handlers
(similar to the usermanager actions I contributed earlier) to
add/modify/delete access control entries for users/groups using the early
access JSR-283 access control support in jackrabbit 1.5.

It seems to work well for my use cases, and I was planning on submitting a
patch when I get some free time to clean it up a bit.  If that is something
you would be interested in using, I can try to submit a patch for
consideration in the next few days.

-Eric


On Sun, Mar 1, 2009 at 7:16 PM, yanjie <ya...@gmail.com> wrote:

> HI felix:
> Glad to recieve your answer ,
> I think it's important for a content manager system  to have authentication
> control.
> If there is no authenticatioin control , user management will be less
> useful.
> I think the users of sling really hope sling can add the authentication's
>  function early.
> waiting ...
>
> thanks.
>
>
> 2009-03-02
>
>
>
> yanjie
>
>
>
> 发件人： Felix Meschberger
> 发送时间： 2009-02-28  05:03:18
> 收件人： sling-dev
> 抄送：
> 主题： Re: How can I realize authentication in sling?
>
> Hi,
> yanjie schrieb:
> > Hi everyone:
> > I want to give a user some policy to handle a node(read or write or
> modify..) , and other users don't have the policy . Or a group has the
> policy and the users in the group all have the authentication . how can I
> use sling to realize it?
> Sling employs the authentication and access control functionality of the
> underlying JCR repository (Jackrabbit by default).
> So you have to create users and groups in Jackrabbit (I have applied the
> SLING-875 patches by Eric Norman today to enable user/group management
> in Sling.
> In addition you have to set access control in the repository. This is
> more problematic at the moment because Jackrabbit 1.5 embedded in Sling
> only contains partial support for JSR-283 (aka JCR 2.0) access control
> support.
> Maybe others on the list are more knowledgeable in this respect...
> Regards
> Felix
>

Re: How can I realize authentication in sling?

Posted by Eric Norman <er...@gmail.com>.

Hi Felix,
My proposed changes for access control management are attached to
https://issues.apache.org/jira/browse/SLING-879

Let me know if you run into any troubles using it.

On Thu, Mar 5, 2009 at 1:52 PM, Felix Meschberger <fm...@gmail.com>wrote:

> Hi Eric
>
> Eric Norman schrieb:
> > Hi yanjie,
> >
> > For my own project, I've implemented some custom sling POST handlers
> > (similar to the usermanager actions I contributed earlier) to
> > add/modify/delete access control entries for users/groups using the early
> > access JSR-283 access control support in jackrabbit 1.5.
> >
> > It seems to work well for my use cases, and I was planning on submitting
> a
> > patch when I get some free time to clean it up a bit.  If that is
> something
> > you would be interested in using, I can try to submit a patch for
> > consideration in the next few days.
>
> Yes, please, thanks ;-)
>
> Regards
> Felix
>
> >
> > -Eric
> >
> >
> > On Sun, Mar 1, 2009 at 7:16 PM, yanjie <ya...@gmail.com> wrote:
> >
> >> HI felix:
> >> Glad to recieve your answer ,
> >> I think it's important for a content manager system  to have
> authentication
> >> control.
> >> If there is no authenticatioin control , user management will be less
> >> useful.
> >> I think the users of sling really hope sling can add the
> authentication's
> >>  function early.
> >> waiting ...
> >>
> >> thanks.
> >>
> >>
> >> 2009-03-02
> >>
> >>
> >>
> >> yanjie
> >>
> >>
> >>
> >> 发件人： Felix Meschberger
> >> 发送时间： 2009-02-28  05:03:18
> >> 收件人： sling-dev
> >> 抄送：
> >> 主题： Re: How can I realize authentication in sling?
> >>
> >> Hi,
> >> yanjie schrieb:
> >>> Hi everyone:
> >>> I want to give a user some policy to handle a node(read or write or
> >> modify..) , and other users don't have the policy . Or a group has the
> >> policy and the users in the group all have the authentication . how can
> I
> >> use sling to realize it?
> >> Sling employs the authentication and access control functionality of the
> >> underlying JCR repository (Jackrabbit by default).
> >> So you have to create users and groups in Jackrabbit (I have applied the
> >> SLING-875 patches by Eric Norman today to enable user/group management
> >> in Sling.
> >> In addition you have to set access control in the repository. This is
> >> more problematic at the moment because Jackrabbit 1.5 embedded in Sling
> >> only contains partial support for JSR-283 (aka JCR 2.0) access control
> >> support.
> >> Maybe others on the list are more knowledgeable in this respect...
> >> Regards
> >> Felix
> >>
> >
>
>

Re: How can I realize authentication in sling?

Posted by Felix Meschberger <fm...@gmail.com>.

Hi Eric

Eric Norman schrieb:
> Hi yanjie,
> 
> For my own project, I've implemented some custom sling POST handlers
> (similar to the usermanager actions I contributed earlier) to
> add/modify/delete access control entries for users/groups using the early
> access JSR-283 access control support in jackrabbit 1.5.
> 
> It seems to work well for my use cases, and I was planning on submitting a
> patch when I get some free time to clean it up a bit.  If that is something
> you would be interested in using, I can try to submit a patch for
> consideration in the next few days.

Yes, please, thanks ;-)

Regards
Felix

> 
> -Eric
> 
> 
> On Sun, Mar 1, 2009 at 7:16 PM, yanjie <ya...@gmail.com> wrote:
> 
>> HI felix:
>> Glad to recieve your answer ,
>> I think it's important for a content manager system  to have authentication
>> control.
>> If there is no authenticatioin control , user management will be less
>> useful.
>> I think the users of sling really hope sling can add the authentication's
>>  function early.
>> waiting ...
>>
>> thanks.
>>
>>
>> 2009-03-02
>>
>>
>>
>> yanjie
>>
>>
>>
>> 发件人： Felix Meschberger
>> 发送时间： 2009-02-28  05:03:18
>> 收件人： sling-dev
>> 抄送：
>> 主题： Re: How can I realize authentication in sling?
>>
>> Hi,
>> yanjie schrieb:
>>> Hi everyone:
>>> I want to give a user some policy to handle a node(read or write or
>> modify..) , and other users don't have the policy . Or a group has the
>> policy and the users in the group all have the authentication . how can I
>> use sling to realize it?
>> Sling employs the authentication and access control functionality of the
>> underlying JCR repository (Jackrabbit by default).
>> So you have to create users and groups in Jackrabbit (I have applied the
>> SLING-875 patches by Eric Norman today to enable user/group management
>> in Sling.
>> In addition you have to set access control in the repository. This is
>> more problematic at the moment because Jackrabbit 1.5 embedded in Sling
>> only contains partial support for JSR-283 (aka JCR 2.0) access control
>> support.
>> Maybe others on the list are more knowledgeable in this respect...
>> Regards
>> Felix
>>
>