JSR-170 (JCR 1.0)
JSR-283 (JCR 2.0)
- Access Control Policies
- Abstract concept, no concrete meaning
- Access Control Entries
- Corresponds to a credential in Lenya
- Grants a set of privileges to a principal (user/group/role/…)
- Can only grant permissions, not revoke them
Examples
Set a policy on a node:
AccessControlManager acMgr = session.getAccessControlManager(); Privilege supportedPrivileges = acMgr.getSupportedPrivileges("/lenya"); Map<String,Privilege> name2privilege = mapNamesToPrivileges(supportedPrivileges); Privilege[] privileges = { name2privilege.get("jcr:read"), name2privilege.get("jcr:write") }; PrincipalManager principalMgr = session.getPrincipalManager(); Principal john = principalMgr.lookupPrincipal("john"); acMgr.addAccessControlEntry("/foo/bar", john, privileges);