You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@jackrabbit.apache.org by Mirosław Ochodek <mi...@gmail.com> on 2009/01/30 17:08:35 UTC

Permissions in JackRabbit 1.5

Hello everyone,

Could you please give me a reference to materials about permissions  
management in JR 1.5 (something more comprehensible than what is in  
configuraiton section on page).

I have seen that there is yet another interface - SecurityManager. I  
know that authorization should be handled externally with the use of  
own implamation of AccessManager and LoginManager. My question is what  
SecurityManager is for?

Thank you in advance.

Best regards,
Mirek

Re: Permissions in JackRabbit 1.5

Posted by Alexander Klimetschek <ak...@day.com>.

On Fri, Jan 30, 2009 at 5:08 PM, Mirosław Ochodek
<mi...@gmail.com> wrote:
> Could you please give me a reference to materials about permissions
> management in JR 1.5 (something more comprehensible than what is in
> configuraiton section on page).

There is not much documentation yet. A starting point is the original
issue [1]. If you plan to write your custom authorization, you should
also search the users and dev mailing lists, eg. at
http://jackrabbit.markmail.org

> I have seen that there is yet another interface - SecurityManager. I know
> that authorization should be handled externally with the use of own
> implamation of AccessManager and LoginManager.

Starting with JR 1.5, the default implementation is based on storing
users and ACLs in the repository, so there is no need to implement
your own classes for that purpose (except if you want to do it
differently). Citing JCR-1171:

    Default Implementation
    ===================
    The Default Implementation uses the Repository itself to store its
security data.
    The Users are stored within a dedicated workspace.
    The ACL are attached to the Nodes they relate to.
    The ACLs are inherited along the Item-Hierarchy.
    The Principals are taken from the Authorables.

> My question is what SecurityManager is for?

The security manager technically manages the auhtorization part of the
security implementation, ie. the AccessManager, PrincipleManager and
UserManager, it's not directly mapped to functionality (I hope I got
it right ;-)). See the interface for that class [2]. There are two
implementations, the DefaultSecurityManager [3] (the default impl
mentioned above) and the SimpleSecurityManager [4].

[1] http://issues.apache.org/jira/browse/JCR-1171

[2] http://svn.apache.org/repos/asf/jackrabbit/tags/1.5.0/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/JackrabbitSecurityManager.java

[3] http://svn.apache.org/repos/asf/jackrabbit/tags/1.5.0/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java

[4] http://svn.apache.org/repos/asf/jackrabbit/tags/1.5.0/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetschek@day.com