Posted to commits@jackrabbit.apache.org by Apache Wiki <wi...@apache.org> on 2011/03/08 11:20:02 UTC

[Jackrabbit Wiki] Update of "AccessControl" by ThomasMueller

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Jackrabbit Wiki" for change notification.

The "AccessControl" page has been changed by ThomasMueller.
The comment on this change is: isAdmin.
http://wiki.apache.org/jackrabbit/AccessControl?action=diff&rev1=7&rev2=8

--------------------------------------------------

  = Access Control / Authorization =
+ <<TableOfContents>>
+ 
+ == Overview ==
  [[http://jcp.org/en/jsr/detail?id=283|JCR 2.0]] specifies Access Control Management in [[http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html|section 16]]. The JCR API package is [[http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/security/package-summary.html|javax.jcr.security]]. It covers the authorization part, ie. what a certain user is allowed to do with the repository, but not UserManagement, which is provided by Jackrabbit as an implementation-specific feature.
  
  === Permissions / Privileges ===
@@ -63, +66 @@

   * Principal-based: {{{org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider}}}
   * Combined, resource+principal-based: {{{org.apache.jackrabbit.core.security.authorization.combined.CombinedProvider}}}
  
- TODOs
-  * TODO: setting resource-based and principle-based ACLs (rep:nodePath, rep:glob) via the APIs
-  * TODO: how ACLs are stored
-  * TODO: AccessControlProvider as an interface to extend for custom acl
-  * TODO: general security config
  
+ == API ==
+ 
+ Jackrabbit provides [[http://jackrabbit.apache.org/api/2.1/org/apache/jackrabbit/api/security/|additional API for security and user management]]. As an example to check if a user is the admin user, use: 
+ 
+ {{{
+ JackrabbitSession js = (JackrabbitSession) session;
+ User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
+ boolean isAdmin = user.isAdmin();
+ }}}
+ 
+ == TODO == 
+ 
+  * setting resource-based and principle-based ACLs (rep:nodePath, rep:glob) via the APIs
+  * how ACLs are stored
+  * AccessControlProvider as an interface to extend for custom acl
+  * general security config
+
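Review bot: In the new API example, the result of `js.getUserManager().getAuthorizable(session.getUserID())` is cast to `User` and dereferenced on the next line with no null or type check, and `session` is cast to `JackrabbitSession` the same way. If the ID does not resolve to a `User`, or the session is not a Jackrabbit one, the snippet throws instead of yielding `isAdmin == false`. Readers will copy this as an authorization check, so suggest guarding both casts with `instanceof` and treating every other case as not admin. Separately, the relocated TODO item still reads "principle-based"; it should be "principal-based", matching the `principalbased.ACLProvider` name in the context lines above.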