jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Zdila <m.zd...@mwaysolutions.com>
Subject Re: Limiting child node access in Jackrabbit 1.5
Date Thu, 22 May 2008 07:49:11 GMT
hi

cca

final NodeTypeDef ntd = new NodeTypeDef();
ntd.setChildNodeDefs(new NodeDefImpl[] {nodeDef});
ntd.setName(nodeTypeName);

...

final NodeDefImpl nodeDef = new NodeDefImpl();
nodeDef.setName(name);
nodeDef.setDeclaringNodeType(declaringNodeType);
nodeDef.setDefaultPrimaryType(defPrimType);
nodeDef.setAllowsSameNameSiblings(true);

...

((NodeTypeManagerImpl) workspace.getNodeTypeManager()).getNodeTypeRegistry().registerNodeType(ntd);

cu

On Thu 22. May 2008 09:27:13 Vidar Ramdal wrote:
> Does no-one really know how to achieve this?
> Maybe Angela Schreiber, who apparently is doing the
> authentication/authorization work for Jackrabbit 1.5, could give me a
> hint?
> Any information is valuable to me - if it's not possible to do this,
> I'd like to hear that as well.
>
> On Wed, May 21, 2008 at 11:15 AM, Vidar Ramdal <vidar@idium.no> wrote:
> > I want to set access control policies so that a parent node (e.g.
> > /node) is readable for Everyone, but a child node (/node/childnode) is
> > only readable for specific principals.
> >
> > So I grant READ to Everyone on the parent node. This renders /node and
> > the entire subtree readable for everyone. Next, I want to specify
> > NO_PRIVILEGES for Everyone on the protected child node, and grant READ
> > access to a specific user on the child node:
> >
> > session.getAccessControlManager().addAccessControlEntry("/node", new
> > PrincipalImpl("everyone"),
> > PrivilegeRegistry.getPrivileges(PrivilegeRegistry.READ));
> > session.getAccessControlManager().addAccessControlEntry("/node/childnode"
> >, new PrincipalImpl("everyone"),
> > PrivilegeRegistry.getPrivileges(PrivilegeRegistry.NO_PRIVILEGE));
> > session.getAccessControlManager().addAccessControlEntry("/node/childnode"
> >, new PrincipalImpl("specificuser"),
> > PrivilegeRegistry.getPrivileges(PrivilegeRegistry.READ));
> >
> > However, this strategy fails on line #2, with the following stacktrace:
> > org.apache.jackrabbit.api.jsr283.security.AccessControlException
> >        at
> > org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry.getBi
> >ts(PrivilegeRegistry.java:114) at
> > org.apache.jackrabbit.core.security.authorization.acl.ACLEditor.addAccess
> >ControlEntry(ACLEditor.java:198) at
> > org.apache.jackrabbit.core.security.DefaultAccessManager.addAccessControl
> >Entry(DefaultAccessManager.java:389)
> >
> > PrivilegeRegistry.getPrivileges(0) returns an emtpy Privileges[]
> > array. This causes PrivilegeRegistry.getBits() to throw an exception,
> > because (PrivilegeRegistry lines 113..115):
> >        if (privileges == null || privileges.length == 0) {
> >            throw new AccessControlException();
> >        }
> >
> > So is this a bug, or is there another recommended way of achieving my
> > goal: Having a publicly accessible parent node, and a protected child
> > node?



-- 
Martin Zdila 
CTO

M-Way Solutions Slovakia s.r.o.
Letna 27, 040 01 Kosice
Slovakia

tel:+421-908-363-848
mailto:m.zdila@mwaysolutions.com
http://www.mwaysolutions.com
xmpp:zdila@jabbim.sk (Jabber)
skype:m.zdila

Mime
View raw message