The JCR Service provides a mechamism by which and implementation of JSR-170 can be used within Sakai.
The JCRService API
Allows consumers of the service to login to a JSR-170 implementation within Sakai and access the JCR via the
JSR-170 API more information about JSR-170 can be found at http://jackrabbit.apache.org/doc/arch/overview/jcrlevels.html
There is an implementation of the Above JCRService within sakai using JackRabbit. This implementation integrates directly within Sakai by providing a Sakai component that brings the JCR up using the Sakai database, and then iterfaces through a JAAS Login Manager and a JSR-170 Access manager so that users within Sakai may obtain a session within the JCR. The JCR consults the configured Acess Manager implementation to answer AuthZ questions with the AuthZGroup service. This service adds a number of locks to Sakai that represent the normal AuthZ assertions that a JCR performs.
Other components may use the JCRService API to login to the JCR service and this is done by one of three mechanisms.
- Login with credentials, where the username and password are provided on the request cycle. This is used in session less environments like webDav.
- Login using the currentUser. This would normally be used by services that are ultimately accessed by a user logged into a session.
- Login as system with a special credential, where the consuming component needs to perform some specially authorized access to the JCR.
- Login as anon, where there are null credentials or where there is no currentuser connected to the session.
The JCRService implementation avoids using session objects and does not require or force the creation of perisitant session objects (persistant in the database) however where the user has been authenticated on the request cycle using supplied credential, then a session object is created and bound to the thread.
Using the Jackrabbit WebDAV libraries there is a webDav implementation that has been tested on OSX and Windows XP that connects to the JCRService. This uses basic authentication and provides full support for the following standards.
- RFC 2518 (WebDAV - HTTP Extensions for Distributed Authoring)
- RFC 3253 (DeltaV - Versioning Extensions to WebDAV)
- RFC 3648 (Ordered Collections Protocol)
- RFC 3744 (Access Control Protocol)
- DAV Searching and Locating (DASL)
In addition this library defines (unspecified)
- Bundling multiple request with extensions to locking
Admin users may see all workspaces and repositories within the JCR, normal users may only see the site subtrees within the sakai workspace that they are a member of.
Currently the repostiory has one workspace sakai that contains all sakai nodes. Under this there are nodes 1 per site using the site guid. Under that there should be the content of all tools that use the JCRService for content in that site. Hence the EmailArchive tool will use a repository space like
And wiki will use
and Resources might use