...
- initiate discussion with ModeShape team to open privilege provider configuration to custom implementations
- implement custom privilege provider utilizing existing Magnolia users/groups/roles/ACLs.
- find out best solution to reading all privilege info from repository during user authentication process and compiling privileges to make checking as fast as possible.
- privilege provider has unsupervised access to the workspace to which session is bound, however our privileges are scattered over 3 workspaces. Therefore we need to retrieve permissions at the login time as done currently, compile them for efficient checking and keep associated with the user for the duration of the user login.
- currently we have 2 jaas chains. Since we want to use JCR to check for permissions, we should probably try to keep just one chain and authenticate on the JCR layer directly. (It is currently unclear if the only reason for 2 chains was to bypass JR authentication or if there was some other reason too ... if you know, please comment)