jackrabbit-dev mailing list archives

From Angela Schreiber <anch...@day.com>
Subject Re: Workspace access denied exception
Date Wed, 02 Jun 2010 08:08:21 GMT
W Wilson wrote:
> Apologies in advance if this has already been covered but I have searched
> extensively to try to solve my current problem. 
> 
> I have just started using Jackrabbit and JCR2.0. Following some of the
> simple examples referred to in this forum I wanted to set up a simple ACL
> example. Login as admin, create a node, create a user, enable that user to
> add to the admin's node.
> 
> I have modified the repository xml file to include the
> DefaultSecurityManager, DefaultAccessManager and the DefaultLoginModule:
> 
> <Security appName="Jackrabbit">
>   <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager" workspaceName="security"/>
>   <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager" />
>   <LoginModule class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
>   </LoginModule>
> </Security>
> 
> Here are some snippets of the code I'm trying:
> 
> InitialContext initialContext = new InitialContext(env);
> RegistryHelper.registerRepository(initialContext, "repo", configFile, repHomeDir, true);
> repository = (Repository)initialContext.lookup("repo");
> 
> SimpleCredentials credentials = new SimpleCredentials("admin", "admin".toCharArray());
> session = repository.login(credentials);
> Node root = session.getRootNode();
> root.addNode("test node");
> 			
> UserManager um = ((JackrabbitSession)session).getUserManager();
> String userName = "jon";
> String pwd = "doe";
> User user = (User)um.getAuthorizable(userName);
> if(user == null)
> {
> 	user = um.createUser("jon", "doe");
> }				
> 			
> Node testNode = root.getNode("test node");
> System.out.println("Test node");
> Utils.dump(testNode);
> 			
> // Assign ACL to user w.r.t testNode
> AccessControlManager acm = session.getAccessControlManager();
> AccessControlPolicyIterator it = acm.getApplicablePolicies(testNode.getPath());
> while(it.hasNext())
> {
> 	AccessControlPolicy acp = it.nextAccessControlPolicy();
> 	Privilege[] privileges = new Privilege[]{acm.privilegeFromName(Privilege.JCR_WRITE)};
> 	((AccessControlList)acp).addAccessControlEntry(new PrincipalImpl(user.getID()), privileges);
> 	acm.setPolicy(testNode.getPath(), acp);
> }
> 
> System.out.println("\nRepository after permissions change");
> Utils.dump(testNode);
> session.save();
> 			
> userSession = repository.login(user.getCredentials()); ***
> Node anonRoot = userSession.getRootNode();
> System.out.println("\nRepository contents from jon doe");            
> Utils.dump(anonRoot);
> 			
> // Output after delete
> Utils.removeAllNodesWithName("test node", session);
> System.out.println("\nRepository contents post delete");
> Utils.dump(root);
> 
> Unfortunately the code is failing at ***
> 
> javax.jcr.LoginException: Workspace access denied.
> 
> From printouts of the actual node it appears that the user has been added to
> the ACL for test node but not to the workspace?

in the setup you configured the users are being created in a
separate workspace which is then used by all workspaces to
retrieve users and groups.

then, workspace access is asserted by the wsp-access-mgr. unless
configured otherwise, the defaultsecuritymgr uses an impl. that
checks if the root node of that workspace can be read. there is
another impl. that always allows access.

and finally, the User#getCredentials is defined to be used for internal
validation process and should not be usable nor used for Repository#login.

hope that helps.
regards
angela
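
Added example, not part of the original message and not Jackrabbit project code: one way to apply the two points in the reply above, logging the user in with plain SimpleCredentials instead of User#getCredentials and making the workspace root readable for that user. The class and method names are hypothetical; it assumes the default root-readable workspace check described in the reply, the Jackrabbit 2.x API, and that userId and password are the values given to UserManager#createUser.

```java
import java.security.Principal;
import javax.jcr.*;
import javax.jcr.security.*;
import org.apache.jackrabbit.api.security.user.User;

public final class WorkspaceAccessExample {   // hypothetical class name

    // Returns the ACL already bound at path, or an applicable one not yet bound.
    static AccessControlList aclFor(AccessControlManager acm, String path)
            throws RepositoryException {
        for (AccessControlPolicy p : acm.getPolicies(path)) {
            if (p instanceof AccessControlList) return (AccessControlList) p;
        }
        AccessControlPolicyIterator it = acm.getApplicablePolicies(path);
        while (it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof AccessControlList) return (AccessControlList) p;
        }
        throw new AccessControlException("no ACL can be set at " + path);
    }

    // Admin side: add an allow entry for the principal at path and persist it.
    static void grant(Session admin, Principal principal, String path, String privilege)
            throws RepositoryException {
        AccessControlManager acm = admin.getAccessControlManager();
        AccessControlList acl = aclFor(acm, path);
        acl.addAccessControlEntry(principal,
                new Privilege[] { acm.privilegeFromName(privilege) });
        acm.setPolicy(path, acl);
        admin.save();
    }

    // Grants the access the user needs, then checks it from the user's own session.
    static boolean userCanAddBelow(Repository repo, Session admin, User user,
            String userId, char[] password, String nodePath) throws RepositoryException {
        Principal principal = user.getPrincipal();   // the user's own principal object
        // Assumption: workspace access is decided by read access to the root node.
        grant(admin, principal, "/", Privilege.JCR_READ);
        grant(admin, principal, nodePath, Privilege.JCR_WRITE);
        // Log in with plain SimpleCredentials, not with User#getCredentials.
        Session userSession = repo.login(new SimpleCredentials(userId, password));
        try {
            return userSession.hasPermission(nodePath + "/child", Session.ACTION_ADD_NODE);
        } finally {
            userSession.logout();
        }
    }
}
```

A jcr:read entry at / is inherited by the rest of the tree unless narrower entries restrict it, so grant it at the root only when that reach is intended.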
