Hi Michael, Yes, I do mean access control.
After looking through the code it seems like the AccessManager will get invoked for every hit in the result list. I would like to implement a simple access control scheme based on node type. From a performance point of view it would be good to avoid a check for every hit. On the other hand its simple to implement a custom QueryManager that narrows the search to only include the node types that the subject has access rights to, right? Is there a suitable place to do the access control check that does not get called when performing searches? /Magnus -----Ursprungligt meddelande----- Från: Michael Neale [mailto:[EMAIL PROTECTED] Skickat: den 1 oktober 2006 19:00 Till: [email protected] Ämne: Re: how does authorization works in jackrabbit? Hi Magnus. Firstly, I think by authorisation in this context you mean access control? (authorisation is via JAAS I believe). I worked out a little by plugging in a dummy AccessManager and looked at the callbacks. I did not try it with searching though, but I gather it will use it to honour the access rules with returning results - thus your acess list lookups better be really fast and in memory ! Anyone else with real experience, please do share ! On 10/1/06, Magnus Grimsell <[EMAIL PROTECTED]> wrote: > > I would like to learn more how JackRabbit handles authorization to the > repository content. Especially when it comes to searching. > I've seen that there is a plugable AccessManager but I'm not sure how this > is used to filter the search result. > Can somebody point me to some documentation or where in the code to look? >
