Eren- I would recommend that you read How to Ask Questions The Smart Way: http://www.catb.org/~esr/faqs/smart-questions.html
And suggest that you start by posting a single question per thread. That'll be less confusing for everyone. In general, when building multi-tenant applications on top of JCR, you need to be very careful not to expose too much of the JCR surface to your tenants. While the access control features of JCR make it very well-suited to multi-tenant applications, there are lots of globals which need to be shared across tenants. The most obvious one is users - a single Jackrabbit repository typically has a single set of users[1]. As such, you will probably want to create a tenant-aware service layer on top of the Jackrabbit User Manager to, for example, prefix user ids with the tenant name. This likely also means you'll need to do some abstraction around access control as well. Justin [1] Jackrabbit does support the notion of separate user lists per workspace. See http://comments.gmane.org/gmane.comp.apache.jackrabbit.user/17269 for some discussion On Fri, Mar 2, 2012 at 12:13 PM, Eren Erdemli <erenerde...@gmail.com> wrote: > First of all thanks for your quick response, > > As admin I mean administrator for given domain who should be able to > administer nodes and the users of that domain maybe tie them into a jcr > group? > > How would you automate the acl on user creation and tie them up to paths of > domain. > > Can we use event listeners for user creation? > > And as per workspace and Davids advice it seems like a no go! > > Regards > Eren > On Mar 2, 2012 3:10 PM, "maikhorma" <mher...@nbme.org> wrote: > >> >> Eren Erdemli wrote >> > >> > *Admin User :* How Would you Separate Admin Users Per Domain? What is the >> > recommended Approach! >> > >> >> Kind of depends on what you want your "admin" to be able to do. If you're >> talking specifically the jackrabbit admin account I don't think you can >> create multiple of those. You may just want to use a separate sling >> instance for each domain. If you just mean an account that has full access >> to their domain's content, that can be done with a jackrabbit user and acl >> entries. >> >> >> Eren Erdemli wrote >> > >> > *Customers/Portal Users:* What will be the recommended way of handling >> > portal users Create JCR Users? of Keep them elsewhere as Nodes? >> > especially when creating nodes under /orders, reviews etc.. >> > >> >> I would use jackrabbit users if possible. Otherwise you'll be implementing >> basic security features in your code rather than just letting the >> repository >> do its job. >> >> >> >> Eren Erdemli wrote >> > >> > If Using JCR Users how should I handle the Access rights? Can we use >> > PostProcessors? >> > >> If using JCR User, by default users will not be able to access content if >> they don't have the proper acl defined. They can't search for it, for all >> they know it doesn't exist, so the code tied to that resource will never >> get >> called. >> >> >> >> Eren Erdemli wrote >> > >> > Would you recommend using Workspace Per Domain if so how can we achieve >> > this WorkspaceFilter seems like a good option are there any disadvantages >> > to this? >> > >> >> See David's Model [1] for caution on using workspaces that way. If you >> can't implement what you want using separate node trees and ACLs, you may >> want to look into separate instances (heck they're free). >> >> [1] >> >> http://wiki.apache.org/jackrabbit/DavidsModel#Rule_.233:_Workspaces_are_for_clone.28.29.2C_merge.28.29_and_update.28.29 >> . >> >> >> >> -- >> View this message in context: >> http://apache-sling.73963.n3.nabble.com/Help-Advice-Required-tp3793651p3793724.html >> Sent from the Sling - Users mailing list archive at Nabble.com. >>
