You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@jackrabbit.apache.org by bilobag <bi...@hotmail.com> on 2007/09/04 21:26:29 UTC

AccessManager Security with Acegi

I am currently using Spring and Acegi in a web application with Jackrabbit as
my repository.  Is it possible to use an AccessManager with Acegi for
security?  Ideally, i would like to have the AccessManager
checkPermissions() everytime a node is retrieved from the repository.  I
would like to have a user login, load all privileges for that user (type of
access to certain node uuid's), store those privileges either in the session
or load them into the AccessManager, then have checkPermissions() be called
for every node retrieval.  However, I'm not sure how i can have the
AccessManager either access a session scoped object or load the
AccessManager with a set of priveleges on login.  Does anyone have an advice
or suggestions?  Am I thinking of this in the wrong way?  
-- 
View this message in context: http://www.nabble.com/AccessManager-Security-with-Acegi-tf4379808.html#a12484870
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Re: AccessManager Security with Acegi

Posted by Stefan Guggisberg <st...@gmail.com>.

On 9/4/07, bilobag <bi...@hotmail.com> wrote:
>
> I am currently using Spring and Acegi in a web application with Jackrabbit as
> my repository.  Is it possible to use an AccessManager with Acegi for
> security?  Ideally, i would like to have the AccessManager
> checkPermissions() everytime a node is retrieved from the repository.  I
> would like to have a user login, load all privileges for that user (type of
> access to certain node uuid's), store those privileges either in the session
> or load them into the AccessManager, then have checkPermissions() be called
> for every node retrieval.  However, I'm not sure how i can have the
> AccessManager either access a session scoped object or load the
> AccessManager with a set of priveleges on login.  Does anyone have an advice
> or suggestions?  Am I thinking of this in the wrong way?

you could either

- pass arbitrary parameters to your access manager by adding e.g.

            <param name="config" value="${rep.home}/access.xml"/>

   to the <AccessManager/> element in the repository config.

- subclass RepositoryImpl and SessionImpl and override
   RepositoryImpl#createSessionInstance() and
   SessionImpl#createAccessManager()

cheers
stefan
> --
> View this message in context: http://www.nabble.com/AccessManager-Security-with-Acegi-tf4379808.html#a12484870
> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
>
>