Re: [xwiki-devs] What is the right way to implement XWiki custom permission check in java code?

Hi Andrey, I would not advice to reimplement the ContextualAuthorizationManager, since it only provide context to the AuthorizationManager, and there is probably no need for you to change that part. I would not even advice to reimplement the AuthorizationManage (since the way it works provide some useful caching mechanism using the security cache), unless you really want to revamp the way rights are managed. This could be a lot of work, while there is a lot of room for customizing rights and the way these are interpreted. The AuthorizationSettler, which receive information from the wiki (security rules) and take the decision is probably the easiest place where you can change the way decision are taken. Moreover, this one is configurable in xwiki.properties, see http://extensions.xwiki.org/xwiki/bin/view/Extension/Security+Module#HRight… . If your need is better solved by injecting custom security rules, you may also want to override the bridge part. The security module is completely agnostic to XWiki itself, and the junction is made by the security bridge module. This where you will found the default SecurityEntryReader. When you need to override a component that does not have a dedicated configuration, during your development or when installed as an extension, you have to unregister the existing component (to be polite), and register yours in replacement, see http://extensions.xwiki.org/xwiki/bin/view/Extension/Component+Module#HComp… about component registration. If you end up packaging the component in a custom war, you may want to use the priority override solution, as describe in http://extensions.xwiki.org/xwiki/bin/view/Extension/Component+Module#HOver… I hope this answer your questions, I encourage you to read the Javadoc of the security module for explanation about each roles and how they could influence the whole system, as I said, a lot can be done without having to rewrite the whole thing, which is a tough task. Regards, On Tue, Apr 12, 2016 at 10:16 AM, abtv <andreybutov(a)mail.ru> wrote: -- Denis Gervalle SOFTEC sa - CEO