Posted to users@jackrabbit.apache.org by Mat Lowery <ml...@pentaho.com> on 2009/12/15 23:42:34 UTC
Two ACLProviders
What are the differences between
org.apache.jackrabbit.core.security.authorization.acl.ACLProvider and
org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider?
Re: Two ACLProviders
Posted by Ian Boston <ie...@tfd.co.uk>.
On 15 Dec 2009, at 22:42, Mat Lowery wrote:
> What are the differences between
> org.apache.jackrabbit.core.security.authorization.acl.ACLProvider and
IIRC, acl enforces acls expressed on content nodes, where an acl is made up of a map of Access Control Entries, mapped by principal name, each ACE containing 2 arrays, one of granted privileges, one of denied privileges.
e.g. as JSON
{
  "everyone":{"granted":["jcr:read"]},
  "ieb":{"granted":["jcr:read","jcr:write"]}
}
> org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider?
AFAICT, this is not used in the default configuration of 1.6, although it looks like it uses the order of the principals rather than the order of the acls when resolving/compiling a permission at a node. Certainly the order in which the bit map is constructed changes the final permissions bitmap.
Ian
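
Added example, not part of the original posts and not Jackrabbit's code: a simplified model of folding ACEs into allow/deny bitmaps, showing how walking the same ACL in entry order versus in the subject's principal order yields different effective privileges. The "first grant or deny seen for a bit wins" rule, the bit values, the helper names and the deny on "everyone" are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not Jackrabbit's implementation): ACEs are
# applied in sequence and the first grant or deny seen for a privilege bit wins.
READ, WRITE = 0x1, 0x2
BITS = {"jcr:read": READ, "jcr:write": WRITE}

# Constructed ACL in the shape of the JSON in the reply, with one deny added.
ACL = {
    "everyone": {"granted": ["jcr:read"], "denied": ["jcr:write"]},
    "ieb": {"granted": ["jcr:read", "jcr:write"]},
}


def to_bits(privilege_names):
    """Turn a list of privilege names into a bitmap."""
    bits = 0
    for name in privilege_names:
        bits |= BITS[name]
    return bits


def compile_permissions(acl, order):
    """Fold the ACEs of the principals in `order` into (allows, denies)."""
    allows = denies = 0
    for principal in order:
        ace = acl.get(principal)
        if ace is None:
            continue  # no entry for this principal on the node
        # A bit already decided by an earlier entry is not overridden.
        allows |= to_bits(ace.get("granted", [])) & ~denies
        denies |= to_bits(ace.get("denied", [])) & ~allows
    return allows, denies


def names(bits):
    """Bitmap back to a sorted list of privilege names."""
    return sorted(n for n, b in BITS.items() if bits & b)


def compare_orders(acl, subject_principals):
    """Effective grants when walking in ACL entry order vs principal order."""
    acl_order = [p for p in acl if p in subject_principals]
    by_acl, _ = compile_permissions(acl, acl_order)
    by_principal, _ = compile_permissions(acl, subject_principals)
    return names(by_acl), names(by_principal)


if __name__ == "__main__":
    # Subject "ieb" is also a member of "everyone"; user principal listed first.
    print(compare_orders(ACL, ["ieb", "everyone"]))
```

When reviewing an ACL that mixes grants and denies, evaluate it under the ordering the configured provider actually uses, since the same entries can resolve to different effective privileges.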