You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2009/07/07 15:08:14 UTC
[jira] Commented: (JCR-2103) Make the Princpal Resolution in the
acl.ACLProvider dynamic
[ https://issues.apache.org/jira/browse/JCR-2103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12728081#action_12728081 ]
angela commented on JCR-2103:
-----------------------------
i had a look at the patch and have the following concerns:
- resolving the set principals of a user is done during login and not during the authorization process.
i don't see why you add an extension to ACLProvider for that.
- you add quite some code to the default implementation with timestamps and expiration evalution
that is useless in the default, that doesn't have any expiration at all.
- i don't see the relation between resolving principals of a user and expiration of a ac-Result object.
and i somehow have the feeling that you try use that to hack around some limitation (which most
probably didn't understand)...
- if i would want to extend the ACLProvider, i'd rather look for
> an extension point how the entries are collected this isn't addressed by the patch.
> for the possibility to create my custom Result object
> for the ability to individually invalidate Results in a generic way instead of defining this as
time limit... there might be other means that render an entry invalid... (e.g. if the cache-cleaning
process was a little cleverer).
and some minor comments
- ACLTemplate.collectEntries got replace by your interface method, but code wasn't removed.
- indention not as we use to have it in jackrabbit
- javadoc doesn't match method.
the way it is suggested i wouldn't want to extend the ACLProvider.
angela
> Make the Princpal Resolution in the acl.ACLProvider dynamic
> -----------------------------------------------------------
>
> Key: JCR-2103
> URL: https://issues.apache.org/jira/browse/JCR-2103
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 1.5.5
> Reporter: Ian Boston
> Assignee: angela
> Attachments: ExtendACLProvider.patch
>
>
> At the moment, extending the DefaultAccessManager is hard and requires full access to the o.a.j.core.
> This patch makes it possible to change the way in which a users set of Principals are resolved by providing an extension point in the ACLProvider so that an alternative AccessControlProvider could be delivered from SecurityManager.
> The patch that follows does not address the extension of the SecurityManager which needs to be inside o.a.j.core
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.