Need to understand sessions

[D G <dj...@gmail.com>]

We've a web app that I'd like to add a document repo behind but we've
already got a security/login model based on Spring Security (Spring 3).

I've been looking at JackRabbit but it seems there is another layer of
user/ACL and you need to start using sessions.  I'd like to stick with
Spring if possible, but don't understand exactly what a JackRabbit session
is and the docs are pretty sparse about this - can someone give me a
pointer and/or some links for further research.

Many thanks,

David

Re: Need to understand sessions

[Mark Herman <MH...@NBME.org>]

I don't know too much about Spring Security, but it looks like it'd be fairly
involved.  Jackrabbit implements security based on specs provided in
JSR-283/JCR2 [1].  To me it looks like if you want to utilize Spring
security, you'll have to swap out their implementations [2]with a ss based
one. That could be a fairly large effort.

Jackrabbit can authenticate via JAAS, so you may be able to use that.

A session is required in order to access the content of the repository.  You
log in with credentials (unless "anonymous"), and access control is
implemented based on the credentials of your session.

[1] http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html
[2]
http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/

--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Need-to-understand-sessions-tp4334178p4345446.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.