You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by Ian Boston <ie...@tfd.co.uk> on 2009/04/29 11:03:36 UTC

Extending JR15 acl.ACLProvider

Hi,
I have been trying to extend the JR15 acl.ACLProvider (as used by  
Sling, so may not be identical to trunk), and arrived at something  
that might  be considered to go back in to JR... if you are interested.

It replaces the static call to ACLTemplate.collectEntries(node,map)  
with an object, that object implementing an internal API,  
EntryCollector, coming from a protected method getEntryCollector(),  
which can be overridden.

This has allowed me to change the way in which the the ACL is filtered  
for the current session. For an example extension see [1], and the  
modified acl.ACL* classes see [2] Is this something likely to be  
useful in JR core, or do you have other plans for this area ?

Ian

[1] http://github.com/ieb/k2-sling-fork/tree/3ff6f8d3ad7156e6b731a0ab5c7c75533ed0c790/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/dynamic

[2] http://github.com/ieb/k2-sling-fork/tree/3ff6f8d3ad7156e6b731a0ab5c7c75533ed0c790/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/standard

Re: Extending JR15 acl.ACLProvider

Posted by Jukka Zitting <ju...@gmail.com>.

Hi,

On Wed, Apr 29, 2009 at 11:03 AM, Ian Boston <ie...@tfd.co.uk> wrote:
> It replaces the static call to ACLTemplate.collectEntries(node,map) with an
> object, that object implementing an internal API, EntryCollector, coming
> from a protected method getEntryCollector(), which can be overridden.
>
> This has allowed me to change the way in which the the ACL is filtered for
> the current session. For an example extension see [1], and the modified
> acl.ACL* classes see [2] Is this something likely to be useful in JR core,
> or do you have other plans for this area ?

Angela knows best what's going on with the JCR 2.0 security work, but
AFAIK the basic design is already in place. Any improvements are of
course welcome.

What I didn't get from your message is the rationale for your changes.
What's your use case?

BR,

Jukka Zitting

Re: Extending JR15 acl.ACLProvider

Posted by Ian Boston <ie...@tfd.co.uk>.

This diagram might help
http://groups.google.com/group/sakai-kernel/web/DynamicACLs.png

Ian
On 29 Apr 2009, at 10:03, Ian Boston wrote:

> Hi,
> I have been trying to extend the JR15 acl.ACLProvider (as used by  
> Sling, so may not be identical to trunk), and arrived at something  
> that might  be considered to go back in to JR... if you are  
> interested.
>
> It replaces the static call to ACLTemplate.collectEntries(node,map)  
> with an object, that object implementing an internal API,  
> EntryCollector, coming from a protected method getEntryCollector(),  
> which can be overridden.
>
> This has allowed me to change the way in which the the ACL is  
> filtered for the current session. For an example extension see [1],  
> and the modified acl.ACL* classes see [2] Is this something likely  
> to be useful in JR core, or do you have other plans for this area ?
>
> Ian
>
> [1] http://github.com/ieb/k2-sling-fork/tree/3ff6f8d3ad7156e6b731a0ab5c7c75533ed0c790/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/dynamic
>
> [2] http://github.com/ieb/k2-sling-fork/tree/3ff6f8d3ad7156e6b731a0ab5c7c75533ed0c790/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/standard