You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by Ian Boston <ie...@tfd.co.uk> on 2009/04/23 12:27:40 UTC

ModifyAceServlet.

Hi,
I am looking at the ModifyAceServlet. in the  
o.a.s.jackrabbit.accessmanager bundle
I notice that if a requests privileges are denied from a principal  
that references a group, then the request to deny privileges is ignored.

Does this mean its not possible to deny a privilege from a group ?

If so, I would like to understand the reasoning.
Thanks
Ian

Re: ModifyAceServlet.

Posted by Ian Boston <ie...@tfd.co.uk>.

Interesting, thank you, I will ask the same on jackrabbit users.
Thanks.
Ian

On 23 Apr 2009, at 17:54, Eric Norman wrote:

> Yes, the jackrabbit implementation does not allow denying privileges  
> on a
> group.  The ModifyAcesServlet mirrors that behavior.   I don't know  
> the
> exact reasoning behind that, I'd suggest posting your question to the
> jackrabbit list.
>
> Denying privileges is not part of the JCR spec, so this is a  
> jackrabbit
> extension.
>
> On Apr 23, 2009 3:28 AM, "Ian Boston" <ie...@tfd.co.uk> wrote:
>
> Hi,
> I am looking at the ModifyAceServlet. in the  
> o.a.s.jackrabbit.accessmanager
> bundle
> I notice that if a requests privileges are denied from a principal  
> that
> references a group, then the request to deny privileges is ignored.
>
> Does this mean its not possible to deny a privilege from a group ?
>
> If so, I would like to understand the reasoning.
> Thanks
> Ian

Re: ModifyAceServlet.

Posted by Eric Norman <er...@gmail.com>.

Yes, the jackrabbit implementation does not allow denying privileges on a
group.  The ModifyAcesServlet mirrors that behavior.   I don't know the
exact reasoning behind that, I'd suggest posting your question to the
jackrabbit list.

Denying privileges is not part of the JCR spec, so this is a jackrabbit
extension.

On Apr 23, 2009 3:28 AM, "Ian Boston" <ie...@tfd.co.uk> wrote:

Hi,
I am looking at the ModifyAceServlet. in the o.a.s.jackrabbit.accessmanager
bundle
I notice that if a requests privileges are denied from a principal that
references a group, then the request to deny privileges is ignored.

Does this mean its not possible to deny a privilege from a group ?

If so, I would like to understand the reasoning.
Thanks
Ian