Hi, I have a simple set of requirement to implement - and any info/samples with configuring JackRabbit to meet these requirements would be of immense help.
- I have to support multiple set of content areas: Hence I would be using multiple workspace - Users (and hence login) and User groups will be driven by LDAP - Each workspace to have a defined user group in LDAP i.e. workspace1_users, workspace2_users: A member of the group will be able to read everything in the corresponding workspace, but update one a single specific file i.e. request.csv (create multiple version of the same file) - There will be an admin ldap group i.e. jackrabbit_admin and these users will have all permissions on all objects in all the workspaces What I have done so far: 1. Achieved LDAP login through config in repository.xml: <LoginModule class="com.sun.security.auth.module.LdapLoginModule"> 2. Defined user/workspace configuration in respository.xml: <SecurityManager class="org.apache.jackrabbit.core.UserPerWorkspaceSecurityManager" workspaceName="security"> What I am struggling with: Writing a Customer Workspace Level access control provider. My custom provider gets invoked, it gets compiled permissions, but after that I get an Unauthorized message My configuration in workspace.xml looks like below <WorkspaceSecurity> <AccessControlProvider class="WorkspaceAccessControlProvider"> <param name="allowedGroupId"value="222222 "/> </AccessControlProvider> </WorkspaceSecurity> where WorkspaceAccessControlProvider - Is my attempt to build a custom access control provider, which should treat users belonging to ldap group "222222" as workspace users -- Regards, Venkat
