hi alessandro
the fundamental principles of the new security functionality
are defined by the upcoming jsr 283. you might get an idea
of the overall direction by looking at
org.apache.jackrabbit.api.jsr283.security.
the interfaces defined do not presume a single concrete
security model and the implementation in jackrabbit
is intended to define enough configuration points in order
to allow you to replace individual components or implement
your own security model.
> also i have seen that there are many new classes
> such as Authorizable, User, Group...
those are used by the default implementation provided
by jackrabbit.
so maybe you should rather start looking at the 283
interfaces first and then step into the details of
the default implementation.
regards
angela