Posted to commits@jackrabbit.apache.org by Apache Wiki <wi...@apache.org> on 2011/03/08 11:20:02 UTC
[Jackrabbit Wiki] Update of "AccessControl" by ThomasMueller
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Jackrabbit Wiki" for change notification.
The "AccessControl" page has been changed by ThomasMueller.
The comment on this change is: isAdmin.
http://wiki.apache.org/jackrabbit/AccessControl?action=diff&rev1=7&rev2=8
--------------------------------------------------
= Access Control / Authorization =
+ <<TableOfContents>>
+
+ == Overview ==
[[http://jcp.org/en/jsr/detail?id=283|JCR 2.0]] specifies Access Control Management in [[http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html|section 16]]. The JCR API package is [[http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/security/package-summary.html|javax.jcr.security]]. It covers the authorization part, ie. what a certain user is allowed to do with the repository, but not UserManagement, which is provided by Jackrabbit as an implementation-specific feature.
=== Permissions / Privileges ===
@@ -63, +66 @@
* Principal-based: {{{org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider}}}
* Combined, resource+principal-based: {{{org.apache.jackrabbit.core.security.authorization.combined.CombinedProvider}}}
- TODOs
- * TODO: setting resource-based and principle-based ACLs (rep:nodePath, rep:glob) via the APIs
- * TODO: how ACLs are stored
- * TODO: AccessControlProvider as an interface to extend for custom acl
- * TODO: general security config
+ == API ==
+
+ Jackrabbit provides [[http://jackrabbit.apache.org/api/2.1/org/apache/jackrabbit/api/security/|additional API for security and user management]]. As an example to check if a user is the admin user, use:
+
+ {{{
+ JackrabbitSession js = (JackrabbitSession) session;
+ User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
+ boolean isAdmin = user.isAdmin();
+ }}}
+
+ == TODO ==
+
+ * setting resource-based and principle-based ACLs (rep:nodePath, rep:glob) via the APIs
+ * how ACLs are stored
+ * AccessControlProvider as an interface to extend for custom acl
+ * general security config
+
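Review bot: the isAdmin example in the new API section casts the result of js.getUserManager().getAuthorizable(session.getUserID()) straight to User and calls isAdmin() on it, with no null or type check. getAuthorizable returns null when no authorizable matches the ID, so the snippet as copied throws a NullPointerException instead of answering "not admin". Suggest assigning the result to an Authorizable variable a first and then using: boolean isAdmin = a instanceof User && ((User) a).isAdmin(); and stating in the sentence above the snippet that the session has to be a JackrabbitSession for the first cast to hold. The snippet also switches between js and session for the same object; js.getUserID() would read more consistently. Separately, the relocated TODO item still says "principle-based" where the provider list above it says "Principal-based"; worth correcting while the line is being moved.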