Mailing-List: contact dev-help@jackrabbit.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@jackrabbit.apache.org
Received-SPF: pass (athena.apache.org: domain of arcassis@gmail.com designates
 209.85.221.194 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=rIV7A7arkvPq1pnFLG/rFbqFUId8L3kAwJkrdNhPzc0DgCZg1G9sInB9T2Kk2ey/Xr
         nOfDS848RKu+ayDmXOV6MHauK1VCbBoFOvqwqP2N+NFZJkWDUuXgFXSg18smef9zrO4z
         oFK3ZfNLkaj9t+DCb1boN1M9QnH7YMZvp0ovA=
MIME-Version: 1.0
In-Reply-To: <dc4e70a0908061129k75a8eaa8m726221684f737e45@mail.gmail.com>
References: <dc4e70a0908061129k75a8eaa8m726221684f737e45@mail.gmail.com>
Date: Fri, 7 Aug 2009 13:49:54 +0300
Message-ID: <dc4e70a0908070349n16aec854l5f7e2f8b22144fb8@mail.gmail.com>
Subject: Problem with SimpleAccessControl.setPolicy
From: "arcassis@gmail.com" <arcassis@gmail.com>
To: dev@jackrabbit.apache.org
Content-Type: multipart/alternative; boundary=0015175caa7c1ad8bd04708aff35

--0015175caa7c1ad8bd04708aff35
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

---------- Forwarded message ----------
From: arcassis@gmail.com <arcassis@gmail.com>
Date: Thu, Aug 6, 2009 at 9:29 PM
Subject: Problem with SimpleAccessControl.setPolicy
To: dev-info@jackrabbit.apache.org


Hello,

I'm using Jackrabbit in one of my projects  and now I've came to implement
the security part.

After some readings I've found out that the documentation from jsr283 is the
best starting point in implementing security in a Jackrabbit based project.

I need to set pairs of Principal-Privilege[] on a node, so I tried the
following:
SessionImpl s = rep.login(new SimpleCredentials("myUser",
"myPassword".toCharrArray()));
AccessControlManager acm = s.getAccessControlManager();

Principal p_myUser = new PrincipalImpl("myUser");
Privilege[] privs = new Privilege[] {acm.privilegeFromName("jcr:write")};
MyAccessControlList acl = new MyAccessControlList();
acl.addAccessControlEntry(p_myUser, privs);
acm.setPolicy(absPath, acl);
acm.setPolicy()

The problem is that setPolicy method, innvoked on SimpleAccessControlManager
throws always an exception - AccessControlException.
So the method is not implemented IN SimpleAccessControlManager, it's called
the method from AbstractAccessControlManager.

After all mentioned above I've tried the folowing:

Node theNode = s.getNode(absPath);
Node policy = theNode.addNode("rep:policy", "rep:ACL");
Node accessControlEntry = policy.addNode("ace1", "rep:GrantACE");
accessControlEntry.setProperty("rep:principalName", "ionel");
accessControlEntry.setProperty("rep:privileges", new String[]
{"jcr:write"});
accessControlEntry.setProperty("rep:nodePath", theNode.getPath());

but I get the folowing  exception:
javax.jcr.nodetype.ConstraintViolationException: node
/category_X/rep:policy: cannot add a child to a protected node.

The node that I want to set a Policy on is a rep:AccessControllable node
type.

So, how can I set an access control list on a node ?

I appreciate any help !

Thanks

Damian Daniel


-- 
Arcassis

--0015175caa7c1ad8bd04708aff35
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<br><br><div class=3D"gmail_quote">---------- Forwarded message ----------<=
br>From: <b class=3D"gmail_sendername"><a href=3D"mailto:arcassis@gmail.com=
">arcassis@gmail.com</a></b> <span dir=3D"ltr">&lt;<a href=3D"mailto:arcass=
is@gmail.com">arcassis@gmail.com</a>&gt;</span><br>
Date: Thu, Aug 6, 2009 at 9:29 PM<br>Subject: Problem with SimpleAccessCont=
rol.setPolicy<br>To: <a href=3D"mailto:dev-info@jackrabbit.apache.org">dev-=
info@jackrabbit.apache.org</a><br><br><br>Hello,<br><br>I&#39;m using Jackr=
abbit in one of my projects=A0 and now I&#39;ve came to implement the secur=
ity part.<br>
<br>After some readings I&#39;ve found out that the documentation from jsr2=
83 is the best starting point in implementing security in a Jackrabbit base=
d project.<br>
<br>I need to set pairs of Principal-Privilege[] on a node, so I tried the =
following:<br>SessionImpl s =3D rep.login(new SimpleCredentials(&quot;myUse=
r&quot;, &quot;myPassword&quot;.toCharrArray()));<br>AccessControlManager a=
cm =3D s.getAccessControlManager();<br>

<br>Principal p_myUser =3D new PrincipalImpl(&quot;myUser&quot;);<br>Privil=
ege[] privs =3D new Privilege[] {acm.privilegeFromName(&quot;jcr:write&quot=
;)};<br>MyAccessControlList acl =3D new MyAccessControlList();<br>acl.addAc=
cessControlEntry(p_myUser, privs);<br>

acm.setPolicy(absPath, acl);<br>acm.setPolicy()<br clear=3D"all"><br>The pr=
oblem is that setPolicy method, innvoked on SimpleAccessControlManager thro=
ws always an exception - AccessControlException.<br>So the method is not im=
plemented IN SimpleAccessControlManager, it&#39;s called the method from Ab=
stractAccessControlManager.<br>

<br>After all mentioned above I&#39;ve tried the folowing:<br><br>Node theN=
ode =3D s.getNode(absPath);<br>Node policy =3D theNode.addNode(&quot;rep:po=
licy&quot;, &quot;rep:ACL&quot;);<br>Node accessControlEntry =3D policy.add=
Node(&quot;ace1&quot;, &quot;rep:GrantACE&quot;);<br>

accessControlEntry.setProperty(&quot;rep:principalName&quot;, &quot;ionel&q=
uot;);<br>accessControlEntry.setProperty(&quot;rep:privileges&quot;, new St=
ring[] {&quot;jcr:write&quot;});<br>accessControlEntry.setProperty(&quot;re=
p:nodePath&quot;, theNode.getPath());<br>

<br>but I get the folowing=A0 exception:<br>javax.jcr.nodetype.ConstraintVi=
olationException: node /category_X/rep:policy: cannot add a child to a prot=
ected node.<br><br>The node that I want to set a Policy on is a rep:AccessC=
ontrollable node type.<br>

<br>So, how can I set an access control list on a node ?<br><br>I appreciat=
e any help !<br><br>Thanks<br><br>Damian Daniel
</div><br><br clear=3D"all"><br>-- <br>Arcassis<br>

--0015175caa7c1ad8bd04708aff35--