jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@day.com>
Subject Re: Problem with SimpleAccessControl.setPolicy
Date Fri, 07 Aug 2009 11:04:33 GMT
the SimpleAccessManager doesn't allow for ac-modification
as it is has a fixed set of ac rules.

similarly, the ac-related nodes/properties defined by the corresponding
nodetypes are designed so they cannot not manipulated manually
but only through the jsr 283 api.

if you want to be able to edit access control policies etc..
you may change the security config to use the DefaultSecurityManager.
then you are free to use any of the existing ac-manager implementions
or provide your custom one. similarly you can use one of the
existing ac-providers or define your custom provider.

the latter can be configured per workspace.

hope that helps
angela



arcassis@gmail.com wrote:
> Hello,
> 
> I'm using Jackrabbit in one of my projects  and now I've came to 
> implement the security part.
> 
> After some readings I've found out that the documentation from jsr283 is 
> the best starting point in implementing security in a Jackrabbit based 
> project.
> 
> I need to set pairs of Principal-Privilege[] on a node, so I tried the 
> following:
> SessionImpl s = rep.login(new SimpleCredentials("myUser", 
> "myPassword".toCharrArray()));
> AccessControlManager acm = s.getAccessControlManager();
> 
> Principal p_myUser = new PrincipalImpl("myUser");
> Privilege[] privs = new Privilege[] {acm.privilegeFromName("jcr:write")};
> MyAccessControlList acl = new MyAccessControlList();
> acl.addAccessControlEntry(p_myUser, privs);
> acm.setPolicy(absPath, acl);
> acm.setPolicy()
> 
> The problem is that setPolicy method, innvoked on 
> SimpleAccessControlManager throws always an exception - 
> AccessControlException.
> So the method is not implemented in SimpleAccessControlManager, the one 
> from from AbstractAccessControlManager it's called.
> 
> After all mentioned above I've tried the folowing:
> 
> Node theNode = s.getNode(absPath);
> Node policy = theNode.addNode("rep:policy", "rep:ACL");
> Node accessControlEntry = policy.addNode("ace1", "rep:GrantACE");
> accessControlEntry.setProperty("rep:principalName", "ionel");
> accessControlEntry.setProperty("rep:privileges", new String[] 
> {"jcr:write"});
> accessControlEntry.setProperty("rep:nodePath", theNode.getPath());
> 
> but I get the folowing  exception:
> javax.jcr.nodetype.ConstraintViolationException: node 
> /category_X/rep:policy: cannot add a child to a protected node.
> 
> The node that I want to set a Policy on is a rep:AccessControllable 
> mixin type.
> 
> So, how can I set an access control list on a node ?
> Any further documentation regarding the Access Control in Jackrabbit 
> would be very useful.
> 
> I appreciate any help !
> 
> Thanks
> 
> Damian Daniel


Mime
View raw message