Hi yanjie, For my own project, I've implemented some custom sling POST handlers (similar to the usermanager actions I contributed earlier) to add/modify/delete access control entries for users/groups using the early access JSR-283 access control support in jackrabbit 1.5.
It seems to work well for my use cases, and I was planning on submitting a patch when I get some free time to clean it up a bit. If that is something you would be interested in using, I can try to submit a patch for consideration in the next few days. -Eric On Sun, Mar 1, 2009 at 7:16 PM, yanjie <yanshaozhi...@gmail.com> wrote: > HI felix: > Glad to recieve your answer , > I think it's important for a content manager system to have authentication > control. > If there is no authenticatioin control , user management will be less > useful. > I think the users of sling really hope sling can add the authentication's > function early. > waiting ... > > thanks. > > > 2009-03-02 > > > > yanjie > > > > 发件人: Felix Meschberger > 发送时间: 2009-02-28 05:03:18 > 收件人: sling-dev > 抄送: > 主题: Re: How can I realize authentication in sling? > > Hi, > yanjie schrieb: > > Hi everyone: > > I want to give a user some policy to handle a node(read or write or > modify..) , and other users don't have the policy . Or a group has the > policy and the users in the group all have the authentication . how can I > use sling to realize it? > Sling employs the authentication and access control functionality of the > underlying JCR repository (Jackrabbit by default). > So you have to create users and groups in Jackrabbit (I have applied the > SLING-875 patches by Eric Norman today to enable user/group management > in Sling. > In addition you have to set access control in the repository. This is > more problematic at the moment because Jackrabbit 1.5 embedded in Sling > only contains partial support for JSR-283 (aka JCR 2.0) access control > support. > Maybe others on the list are more knowledgeable in this respect... > Regards > Felix >