Justin, Thanks for the link :) I will bare that in mind next time!.
Eren On 5 March 2012 15:38, Justin Edelson <[email protected]> wrote: > Eren- > I would recommend that you read How to Ask Questions The Smart Way: > http://www.catb.org/~esr/faqs/smart-questions.html > > And suggest that you start by posting a single question per thread. > That'll be less confusing for everyone. > > In general, when building multi-tenant applications on top of JCR, you > need to be very careful not to expose too much of the JCR surface to > your tenants. While the access control features of JCR make it very > well-suited to multi-tenant applications, there are lots of globals > which need to be shared across tenants. The most obvious one is users > - a single Jackrabbit repository typically has a single set of > users[1]. As such, you will probably want to create a tenant-aware > service layer on top of the Jackrabbit User Manager to, for example, > prefix user ids with the tenant name. This likely also means you'll > need to do some abstraction around access control as well. > > Justin > > [1] Jackrabbit does support the notion of separate user lists per > workspace. See > http://comments.gmane.org/gmane.comp.apache.jackrabbit.user/17269 > for some discussion > > > On Fri, Mar 2, 2012 at 12:13 PM, Eren Erdemli <[email protected]> > wrote: > > First of all thanks for your quick response, > > > > As admin I mean administrator for given domain who should be able to > > administer nodes and the users of that domain maybe tie them into a jcr > > group? > > > > How would you automate the acl on user creation and tie them up to paths > of > > domain. > > > > Can we use event listeners for user creation? > > > > And as per workspace and Davids advice it seems like a no go! > > > > Regards > > Eren > > On Mar 2, 2012 3:10 PM, "maikhorma" <[email protected]> wrote: > > > >> > >> Eren Erdemli wrote > >> > > >> > *Admin User :* How Would you Separate Admin Users Per Domain? What is > the > >> > recommended Approach! > >> > > >> > >> Kind of depends on what you want your "admin" to be able to do. If > you're > >> talking specifically the jackrabbit admin account I don't think you can > >> create multiple of those. You may just want to use a separate sling > >> instance for each domain. If you just mean an account that has full > access > >> to their domain's content, that can be done with a jackrabbit user and > acl > >> entries. > >> > >> > >> Eren Erdemli wrote > >> > > >> > *Customers/Portal Users:* What will be the recommended way of handling > >> > portal users Create JCR Users? of Keep them elsewhere as Nodes? > >> > especially when creating nodes under /orders, reviews etc.. > >> > > >> > >> I would use jackrabbit users if possible. Otherwise you'll be > implementing > >> basic security features in your code rather than just letting the > >> repository > >> do its job. > >> > >> > >> > >> Eren Erdemli wrote > >> > > >> > If Using JCR Users how should I handle the Access rights? Can we use > >> > PostProcessors? > >> > > >> If using JCR User, by default users will not be able to access content > if > >> they don't have the proper acl defined. They can't search for it, for > all > >> they know it doesn't exist, so the code tied to that resource will never > >> get > >> called. > >> > >> > >> > >> Eren Erdemli wrote > >> > > >> > Would you recommend using Workspace Per Domain if so how can we > achieve > >> > this WorkspaceFilter seems like a good option are there any > disadvantages > >> > to this? > >> > > >> > >> See David's Model [1] for caution on using workspaces that way. If you > >> can't implement what you want using separate node trees and ACLs, you > may > >> want to look into separate instances (heck they're free). > >> > >> [1] > >> > >> > http://wiki.apache.org/jackrabbit/DavidsModel#Rule_.233:_Workspaces_are_for_clone.28.29.2C_merge.28.29_and_update.28.29 > >> . > >> > >> > >> > >> -- > >> View this message in context: > >> > http://apache-sling.73963.n3.nabble.com/Help-Advice-Required-tp3793651p3793724.html > >> Sent from the Sling - Users mailing list archive at Nabble.com. > >> >
