2011/11/22 Bertrand Delacretaz <[email protected]>:
> On Tue, Nov 22, 2011 at 1:45 PM, Alexander Klimetschek
> <[email protected]> wrote:
>> ...Personally I think it is much better to put such additional ACL
>> implementations into the JCR (e.g. a custom Jackrabbit access control
>> provider). The problem is that anytime your code is using JCR (such as for
>> complex operations not possible through the simple resource API) your
>> sling-based access control won't be used at all....
>
> Right...adding an ACL layer that's not based on JCR might generate a
> lot of confusion IMO.
> [...]
> To keep things simple I'd suggest using a "shadow resource tree" in
> JCR if we need to define access control for ResourceResolvers which
> are not JCR: have the /SLING-ACL/resolvers/com.example.bar/foo
> repository node define ACL for resource /foo provided by provider
> com.example.bar, for example.

Hmm, so you are thinking about delegating access control for all kinds of resources to JCR? Wouldn't that just duplicate resource trees from (all) other resource providers into JCR, just for the sake of access control?

-- 
Vidar S. Ramdal <[email protected]>
Webstep AS - http://www.webstep.no
Visiting address: Lilleakerveien 8, 0283 Oslo
Postal address: Postboks 272 Lilleaker, 0216 Oslo
