resolving this issue fixed. the former PrivilegeRegistry has been split into
a per-session PrivilegeManager and a repository unique PrivilegeRegistry.
Those methods of PrivilegeRegistry that relied on Session-level namespace
mappings got deprecated. The corresponding methods on PrivilegeManager
should be used instead.
The new privilege manager is exposed as interface in
It provides methods to retrieve existing privileges and register new custom
privileges and aggregates of custom and built-in privileges. Registration of new
privileges works similar to namespace or node type registration as it requires
no Session.save() call and the new privileges are immediately effective on
the repository level.
Note however, that Jackrabbit internal permission evaluation does not take
custom privileges into account. Applications that want to make use of the access
control evaluation associated with custom privileges are in charge of the
corresponding validation. Up to now un-registration of custom privileges is
The PrivilegeManager may be obtained by calling
JackrabbitWorkspace.getPrivilegeManager() which similar to Workspace#getNodeTypeManager() reflects the fact changes don't require a Session.save in order to be persisted.
In order to register custom privileges a given editing Session must be allowed
to manage privileges. This permission may be granted by editing the repository
level access control using a 'null' path (see also
JCR-2774 for details).