Hi Yanjie
From your first post, it seems you're really more interested in
authorization than authentication, but both are handled (to different
degrees) in Sling.
For authentication, you can configure one of the provided handlers (HTTP
Basic or OpenID) to be active on one or more paths or host/path
combinations. This takes care of extracting the credentials of the
remote user from the request & providing them to Sling.
For user management, you can use the new SlingPostOperations to create &
update users (or groups) associated with the above credentials. These
are the Jackrabbit/repository -level identities that are needed in order
to use the authorization features.
For authorization, you can use the AccessControlUtil class to
add/remove/update ACLs on repository nodes, referring to the above
users/groups.
This last part is from memory and may be incorrect :-): by default a
fresh Jackrabbit 1.5 repository has 2 users (admin and anonymous), and 3
groups (administrators, UserAdmin, and GroupAdmin). There are no ACLs
initially, though the admin user always has full permissions anyway.
After you set an initial ACL, I think you will see a root-level ACL will
be added explicitly giving the admin user full permissions (though *not*
the administrators group!!!).
I believe the details of the above are covered elsewhere in the mailing
archives - let me know if this doesn't resolve your questions.
Regards,
Rory
yanjie wrote:
HI felix:
Glad to recieve your answer ,
I think it's important for a content manager system to have authentication control.
If there is no authenticatioin control , user management will be less useful.
I think the users of sling really hope sling can add the authentication's
function early.
waiting ...
thanks.
2009-03-02
yanjie
发件人: Felix Meschberger
发送时间: 2009-02-28 05:03:18
收件人: sling-dev
抄送:
主题: Re: How can I realize authentication in sling?
Hi,
yanjie schrieb:
Hi everyone:
I want to give a user some policy to handle a node(read or write or modify..) , and other users don't have the policy . Or a group has the policy and the users in the group all have the authentication . how can I use sling to realize it?
Sling employs the authentication and access control functionality of the
underlying JCR repository (Jackrabbit by default).
So you have to create users and groups in Jackrabbit (I have applied the
SLING-875 patches by Eric Norman today to enable user/group management
in Sling.
In addition you have to set access control in the repository. This is
more problematic at the moment because Jackrabbit 1.5 embedded in Sling
only contains partial support for JSR-283 (aka JCR 2.0) access control
support.
Maybe others on the list are more knowledgeable in this respect...
Regards
Felix
--
Rory Douglas | Senior Principal Consultant
Fax: +1-201-604-6428 | Mobile: +1-917-498-5344
Oracle North America Consulting
ORACLE United States | | San Diego, CA
"Please consider your environmental responsibility before printing this
e-mail"
