I found the builtin_nodetypes.xml file in the
org.apache.jackrabbit.core.nodetype package that has helped me understand
what the hierarchy must look like.
the hierarchy doen't have to look like that.
it is the access control evaluation system used that
defines on whether the security content is stored within
the repository or if it isn't. and if this is the case how
the structure needs to look like.
the node type definitions present with the buildin-nodetypes
just represent the structure used by the examples i listed
in the previous mail. this isn't mandatory at all.
I've concluded any node can be access
controlled by assigning it the "rep:AccessControllable" mixin type, giving
it a child node of primary type "rep:ACL" and this last one must have one
child node of primary type "rep:ACE" for each entry in the list. If it's not
too much asking, I'd appreciate anyone having a good understanding on this
area to confirm my conclusion.
you shouldn't have to care about the content structure
after all. all you should need to do is using the security
API:
- getting the AccessControlManager from the session.
- retrieving the applicable policies for a specific node
- ev. modify the policies if possible (e.g. if it is
an implementation of AccessControlList or some other
modifiable implementation of the AccessControlPolicy).
- use AccessControlManager#setPolicy to place the policy
- and call save to have the policy taking effect.
hope that helps
angela
