thanks a lot Angela, this make great sense. BR, Yusuf
On Tue, Jan 25, 2011 at 11:50 PM, Angela Schreiber <[email protected]>wrote: > hi yusuf > > > I guess I found something usefull here >> >> *JCR* 2 only defines the ability to add privileges. You need to use the >> *Jackrabbit*-specific *JackrabbitAccessControlList* to add a "deny" access >> control entry. >> > > one additional hint: please note that in the default implementation > privileges granted/denied for a given user always take precedence over > those defined any group the user is member of. > > in general we advise to create access control entries for groups > as this improves maintainability of the access control content. > similarly we advise to use allow/deny entries for individual users > where you really want to target that specific user and nobody else... > > regards > angela > > > > >> http://jackrabbit.510166.n4.nabble.com/Help-with-JCR-2-access-control-td2403697.html >> >> thanks again Justin :) >> >> >> On Sun, Jan 23, 2011 at 2:01 AM, Yusuf Aaji<[email protected]> wrote: >> >> Hi, >>> >>> I have managed to use the default* security classes with jackrabbit and >>> used the access policies in a good way so far. >>> >>> But there is a strange behaviour I'm getting. If I grant everyone or >>> anonymous jcr:read on the root folder, I can't revoke that or override it >>> on >>> any sub-folder no matter what the policies on that sub-folder is. >>> >>> Is this ok, or am I missing something? >>> >>> I mean I need Mr.anonymous to access my repo but I need to hide some >>> folders from him. Sorry anonymous, don't take it personal, but every >>> business have some confidential documents :) >>> >>> any idea jackrabbit developers?! >>> >>> BR, >>> Yusuf >>> >>> >> >> >>
