You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by Ian Boston <ie...@tfd.co.uk> on 2009/04/29 11:03:36 UTC
Extending JR15 acl.ACLProvider
Hi,
I have been trying to extend the JR15 acl.ACLProvider (as used by
Sling, so may not be identical to trunk), and arrived at something
that might be considered to go back in to JR... if you are interested.
It replaces the static call to ACLTemplate.collectEntries(node,map)
with an object, that object implementing an internal API,
EntryCollector, coming from a protected method getEntryCollector(),
which can be overridden.
This has allowed me to change the way in which the the ACL is filtered
for the current session. For an example extension see [1], and the
modified acl.ACL* classes see [2] Is this something likely to be
useful in JR core, or do you have other plans for this area ?
Ian
[1] http://github.com/ieb/k2-sling-fork/tree/3ff6f8d3ad7156e6b731a0ab5c7c75533ed0c790/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/dynamic
[2] http://github.com/ieb/k2-sling-fork/tree/3ff6f8d3ad7156e6b731a0ab5c7c75533ed0c790/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/standard
Re: Extending JR15 acl.ACLProvider
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Wed, Apr 29, 2009 at 11:03 AM, Ian Boston <ie...@tfd.co.uk> wrote:
> It replaces the static call to ACLTemplate.collectEntries(node,map) with an
> object, that object implementing an internal API, EntryCollector, coming
> from a protected method getEntryCollector(), which can be overridden.
>
> This has allowed me to change the way in which the the ACL is filtered for
> the current session. For an example extension see [1], and the modified
> acl.ACL* classes see [2] Is this something likely to be useful in JR core,
> or do you have other plans for this area ?
Angela knows best what's going on with the JCR 2.0 security work, but
AFAIK the basic design is already in place. Any improvements are of
course welcome.
What I didn't get from your message is the rationale for your changes.
What's your use case?
BR,
Jukka Zitting
Re: Extending JR15 acl.ACLProvider
Posted by Ian Boston <ie...@tfd.co.uk>.
This diagram might help
http://groups.google.com/group/sakai-kernel/web/DynamicACLs.png
Ian
On 29 Apr 2009, at 10:03, Ian Boston wrote:
> Hi,
> I have been trying to extend the JR15 acl.ACLProvider (as used by
> Sling, so may not be identical to trunk), and arrived at something
> that might be considered to go back in to JR... if you are
> interested.
>
> It replaces the static call to ACLTemplate.collectEntries(node,map)
> with an object, that object implementing an internal API,
> EntryCollector, coming from a protected method getEntryCollector(),
> which can be overridden.
>
> This has allowed me to change the way in which the the ACL is
> filtered for the current session. For an example extension see [1],
> and the modified acl.ACL* classes see [2] Is this something likely
> to be useful in JR core, or do you have other plans for this area ?
>
> Ian
>
> [1] http://github.com/ieb/k2-sling-fork/tree/3ff6f8d3ad7156e6b731a0ab5c7c75533ed0c790/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/dynamic
>
> [2] http://github.com/ieb/k2-sling-fork/tree/3ff6f8d3ad7156e6b731a0ab5c7c75533ed0c790/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/standard