You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by connuser1 connuser1 <co...@gmail.com> on 2012/11/06 06:44:27 UTC
Re: Where are users stored in the repository?
Thanks Angela!
I have updated my settings per your suggestion. It seems to be working as
expected.
<SecurityManager
class="org.apache.jackrabbit.core.UserPerWorkspaceSecurityManager">
<UserManager
class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
<param name="usersPath" value="/home/users"/>
<param name="groupsPath" value="/home/groups"/>
<param name="defaultDepth" value="1"/>
<param name="autoExpandTree" value="true"/>
<AuthorizableAction
class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
<param name="groupPrivilegeNames" value="jcr:read"/>
<param name="userPrivilegeNames" value="jcr:all"/>
</AuthorizableAction>
</UserManager>
<!--
workspace access:
class: FQN of class implementing the WorkspaceAccessManager
interface
-->
<!-- <WorkspaceAccessManager class="..."/> -->
<!-- <param name="config" value="${rep.home}/security.xml"/> -->
</SecurityManager>
On Mon, Oct 22, 2012 at 1:59 PM, Angela Schreiber <an...@adobe.com> wrote:
> please don't use the configuration as specified below.
> it doesn't make sense and is a mixture between jackrabbit's
> default setup and the user-per-workspace idea that we use
> at adobe.
>
> instead you should change the config to either
> a) set SecurityManger class to UserPerWorkspaceSecurityManage**r
> b) set UserManager class to UserManagerImpl
>
> the DefaultSecurityManager expects the users to be stored
> in a dedicated extra workspace (see "workspaceName attribute
> with the security manager) and makes sure that the user
> manager is always bound to that workspace... this contradicts
> the aim of the UserPerWorkspaceUserManager.
>
> the only difference between the base class UserManagerImpl and
> it's derived variant is that the latter allows you to disable
> the 'auto-save' mode (in other other words delegating the
> responsibility of calling save to the editing session) and
> allows to retrieve the path of an authorizable. both features
> only make sense if the user manager is guaranteed to be bound
> to the editing session which is not the case with DefaultSecurityManager.
>
> kind regards
> angela
>
>
>
>
> On 10/13/12 2:38 PM, Chetan Mehrotra wrote:
>
>> You can control the location where are user are created by default
>> through UserManager config which is by default optional
>>
>> <SecurityManager class="org.apache.jackrabbit.**
>> core.DefaultSecurityManager">
>> <!--
>> optional user manager configuration
>> -->
>> <UserManager
>> class="org.apache.jackrabbit.**core.security.user.**
>> UserPerWorkspaceUserManager">
>> <param name="usersPath" value="/home/users"/>
>> <param name="groupsPath" value="/home/groups"/>
>> <param name="defaultDepth" value="1"/>
>> <param name="autoExpandTree" value="true"/>
>> <AuthorizableAction
>> class="org.apache.jackrabbit.**core.security.user.action.**
>> AccessControlAction">
>> <param name="groupPrivilegeNames" value="jcr:read"/>
>> <param name="userPrivilegeNames" value="jcr:all"/>
>> </AuthorizableAction>
>>
>> </UserManager>
>>
>> <!--
>> optional workspace access manager configuration
>> -->
>> </SecurityManager>
>>
>>
>> Chetan Mehrotra
>>
>