I'm developing custom security scheme for web application based on Apache Jackrabbit. I've extended standard Jackrabbit security implementation for my needs, and so far it's working correctly. But, I'm having problems with multiple principals being assigned permissions on a node.
For example, user U is a member of group G. Groups G has no read permissions on a node, but user U has read permissions. What I mean by this is, group G has jcr:read
privilege set to deny
, and user U has jcr:read
set to allow
on a node.
Based on this, I would assume that user U would be able to read the node, even if he is a member of a group which is not allowed to read. However, the node does not show up for a user U (not expected), or for any other member of group G (expected).
Could somebody help me shed some light on this? Is my assumption correct, or does Jackrabbit calculate actual permissions differently? Or is this just an error in my security implementation?
Privilege[] AccessControlManager.getPrivileges(String absPath)
to get all privillés for the current session on the node – Aroniaina