Angela Schreiber schrieb:
> hi roland
>
>> Sorry maybe i wasn't clear enough. i meant grant or deny acces to an
>> individual property of a node.
>
> yes... that's what i understood.
>
>> Will this be possible in Jackrabbit 1.6 or 2.0?
>
> that should be possible with jackrabbit 1.5.0 already.
> despite the fact that it is still work in progress...
>
>> Because i just checked out the trunk for 1.6-SNAPSHOT and tried to
>> restrict the access but got an PathNotFoundException.
>> Than i realized ACL's could only be assigned to nodes, but how do i
>> build a correct ACL which i can assign to the node?
>> am i missing something?
>
> ACLs can only be assigned to Nodes. Similarly a Session
> holds a set of Privileges on a given Node (and never on
> a Property). this is defined by the JSR 283 access control.
>
> however, you still may have finer grained permissions
> even for individual properties or nodes:
>
> quote from the specification:
> "
> In repositories that do support access control management, the
> permissions encompass the restrictions imposed by privileges, but also
> include any additional policy-internal refinements with effects too
> fine-grained to be exposed through privilege discovery. A common cases
> may be to provide finer-grained access restrictions to individual
> properties or child nodes of the node to which the policy applies.
> "
>
> for this purpose jackrabbit defines refined ACL/ACE
> interfaces that allow to pass additional restrictions
> when creating an ACE. which restrictions are understood
> and/or respected is left to the implementation.
>
Could You direct me to a place where i can find more documentation,
about the supported restrictions in Jackrabbit?
I think it has something to do with "rep:glob", but how do i use it?
> you may take a look at
> http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplate.java
>
>
How could i configure a repository to use
org.apache.jackrabbit.core.security.authorization.principalbased.ACLTemplate
?
I tried this in my repository.xml, using "DefaultSecurityManager",
"DefaultAccessManager" and "DefaultLoginModule". But it seems the i am not
able to select the principalbased.ACLTemplate. i always get the
acl.ACLTemplate from "AccessControlProviderFactoryImpl.createProvider()"
and i had
a look in that method, so me idea was to configure my repository to use
an principalbased.ACLProvider (line 76-78 in
AccessControlProviderFactoryImpl).
<Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="default"/>
<!--
workspace configuration template:
used to create the initial workspace if there's no workspace yet
-->
<Workspace name="${wsp.name}">
<!--
virtual file system of the workspace:
class: FQN of class implementing the FileSystem interface
-->
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}"/>
</FileSystem>
<!--
persistence manager of the workspace:
class: FQN of class implementing the PersistenceManager interface
-->
<PersistenceManager
class="org.apache.jackrabbit.core.persistence.bundle.DerbyPersistenceManager">
<param name="url" value="jdbc:derby:${wsp.home}/db;create=true"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
</PersistenceManager>
<!--
Search index and the file system it uses.
class: FQN of class implementing the QueryHandler interface
-->
<SearchIndex
class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index"/>
<param name="textFilterClasses"
value="org.apache.jackrabbit.extractor.PlainTextExtractor,org.apache.jackrabbit.extractor.MsWordTextExtractor,org.apache.jackrabbit.extractor.MsExcelTextExtractor,org.apache.jackrabbit.extractor.MsPowerPointTextExtractor,org.apache.jackrabbit.extractor.PdfTextExtractor,org.apache.jackrabbit.extractor.OpenOfficeTextExtractor,org.apache.jackrabbit.extractor.RTFTextExtractor,org.apache.jackrabbit.extractor.HTMLTextExtractor,org.apache.jackrabbit.extractor.XMLTextExtractor"/>
<param name="extractorPoolSize" value="2"/>
<param name="supportHighlighting" value="true"/>
</SearchIndex>
<WorkspaceSecurity>
<AccessControlProvider
class="org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider">
</AccessControlProvider>
</WorkspaceSecurity>
</Workspace>
> it is still sort of a draft but you will get the idea.
>
> hope that helps
> angela
>
>
thanks in advance
roland
--
Roland Klein
Tel: +49 40 65803 209
Fax: +49 40 65803 392
[EMAIL PROTECTED]
MTG Marinetechnik GmbH - Wandsbeker Koenigstr. 62 - D 22041 Hamburg
GF Dipl.-Ing. Ullrich Keil
Handelsregister: Abt. B Nr. 11 500 - Amtsgericht Hamburg Abt. 66
USt.-IdNr.: DE 1186 70571
