You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by muniak julien <mu...@gmail.com> on 2006/06/15 12:07:28 UTC
Re: Acces control implementation
Sorry for the long time without reply, had some connection issues...
On 5/28/06, Tobias Bocanegra <to...@day.com> wrote:
>
> hi,
> > Both will have an owner property, a list of subjects with reading rights
> and
> > another list of subjects with writing rights.
> wouldn't it make more sense to have a general list of rights? i mean,
> there are more actions than just read and write (currently: read,
> write, remove).
>
> > Is it a right way to directly inherit from nt:folder or should i use
> another
> > namespace ?
> i would create a mix:accessControlled mixin nodetype that has to
> neccesairy properties or childnodes. so you can add the mixin to
> whatever node you want.
> you still can define the nt:privilegedFile like this:
>
> [nt:privilegedFile] > nt:file, mix:accessControlled
Didn't check out the mixin node type at this time,
It's now done with mixin node type.
Thx for the advice
> While doing the first node type i realised that when a node is being
> > imported to the repository in defaultHandler, the user's principals are
> > not accessible, should i modify the inputContext interface and then the
> > importContext interface to make the principals accessible at this
> point ?
>
> the checking is done in the access manager. take a look at the
> SimpleAccessManager. it is initialized for every session that holds
> the jaas subject. i would not add a special accesscontrol into the
> default handler.
My question here was more on how to set the property owner of my nodes
when it is created ?
For exemple I would like that during the importProperties of the Handler the
property "owner" was set
to the login of the subject who called the put method.
Where can I, at this stage, acces to the login of the current subject ?
Is there another place where I should look to include this process ?
> I would like, if you are interested in my work, to commit these change to
> > jackrabbit as soon as it is functional.
> there are some discussions of how to add ACLs into JSR283 (jcr 2.0).
> as soon we have some consensus of how this should be modeled, we will
> start to implement it into jackrabbit. and of course any sound help is
> welcome.
> I've seen that the RFC3253 as been implemented in the webdav server, so i
> > can later add the real rights showing in the propfind.
> as i said, it would be cool, if the webdav acl and the repository acl
> work with the same mechanisms.
>
> regards, toby
> --
> -----------------------------------------< tobias.bocanegra@day.com >---
> Tobias Bocanegra, Day Management AG, Barfuesserplatz 6, CH - 4001 Basel
> T +41 61 226 98 98, F +41 61 226 98 97
> -----------------------------------------------< http://www.day.com >---
>
--
Muniak julien
Re: Acces control implementation
Posted by Tobias Bocanegra <to...@day.com>.
well, you can get the userId of the session:
contentNode.getSession().getUserID()
if this helps.
regards, toby
On 6/15/06, muniak julien <mu...@gmail.com> wrote:
> Sorry for the long time without reply, had some connection issues...
>
> On 5/28/06, Tobias Bocanegra <tobias.bocanegra@day.com > wrote:
> > hi,
> > > Both will have an owner property, a list of subjects with reading rights
> and
> > > another list of subjects with writing rights.
> > wouldn't it make more sense to have a general list of rights? i mean,
> > there are more actions than just read and write (currently: read,
> > write, remove).
> >
> > > Is it a right way to directly inherit from nt:folder or should i use
> another
> > > namespace ?
> > i would create a mix:accessControlled mixin nodetype that has to
> > neccesairy properties or childnodes. so you can add the mixin to
> > whatever node you want.
> > you still can define the nt:privilegedFile like this:
> >
> > [nt:privilegedFile] > nt:file, mix:accessControlled
>
>
> Didn't check out the mixin node type at this time,
> It's now done with mixin node type.
> Thx for the advice
>
>
> > > While doing the first node type i realised that when a node is being
> > > imported to the repository in defaultHandler, the user's principals are
> > > not accessible, should i modify the inputContext interface and then the
> > > importContext interface to make the principals accessible at this point
> ?
> >
> > the checking is done in the access manager. take a look at the
> > SimpleAccessManager. it is initialized for every session that holds
> > the jaas subject. i would not add a special accesscontrol into the
> > default handler.
>
>
> My question here was more on how to set the property owner of my nodes
> when it is created ?
> For exemple I would like that during the importProperties of the Handler the
> property "owner" was set
> to the login of the subject who called the put method.
> Where can I, at this stage, acces to the login of the current subject ?
> Is there another place where I should look to include this process ?
>
>
>
> > > I would like, if you are interested in my work, to commit these change
> to
> > > jackrabbit as soon as it is functional.
> > there are some discussions of how to add ACLs into JSR283 (jcr 2.0).
> > as soon we have some consensus of how this should be modeled, we will
> > start to implement it into jackrabbit. and of course any sound help is
> > welcome.
> > > I've seen that the RFC3253 as been implemented in the webdav server, so
> i
> > > can later add the real rights showing in the propfind.
> > as i said, it would be cool, if the webdav acl and the repository acl
> > work with the same mechanisms.
> >
> > regards, toby
> > --
> > -----------------------------------------<
> tobias.bocanegra@day.com >---
> > Tobias Bocanegra, Day Management AG, Barfuesserplatz 6, CH - 4001 Basel
> > T +41 61 226 98 98, F +41 61 226 98 97
> > -----------------------------------------------<
> http://www.day.com >---
> >
>
>
> --
> Muniak julien
--
-----------------------------------------< tobias.bocanegra@day.com >---
Tobias Bocanegra, Day Management AG, Barfuesserplatz 6, CH - 4001 Basel
T +41 61 226 98 98, F +41 61 226 98 97
-----------------------------------------------< http://www.day.com >---