jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vidar Ramdal" <vi...@idium.no>
Subject Limiting child node access in Jackrabbit 1.5
Date Wed, 21 May 2008 09:15:39 GMT
I want to set access control policies so that a parent node (e.g.
/node) is readable for Everyone, but a child node (/node/childnode) is
only readable for specific principals.

So I grant READ to Everyone on the parent node. This renders /node and
the entire subtree readable for everyone. Next, I want to specify
NO_PRIVILEGES for Everyone on the protected child node, and grant READ
access to a specific user on the child node:

session.getAccessControlManager().addAccessControlEntry("/node", new
new PrincipalImpl("everyone"),
new PrincipalImpl("specificuser"),

However, this strategy fails on line #2, with the following stacktrace:
	at org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry.getBits(PrivilegeRegistry.java:114)
	at org.apache.jackrabbit.core.security.authorization.acl.ACLEditor.addAccessControlEntry(ACLEditor.java:198)
	at org.apache.jackrabbit.core.security.DefaultAccessManager.addAccessControlEntry(DefaultAccessManager.java:389)

PrivilegeRegistry.getPrivileges(0) returns an emtpy Privileges[]
array. This causes PrivilegeRegistry.getBits() to throw an exception,
because (PrivilegeRegistry lines 113..115):
        if (privileges == null || privileges.length == 0) {
            throw new AccessControlException();

So is this a bug, or is there another recommended way of achieving my
goal: Having a publicly accessible parent node, and a protected child

Vidar S. Ramdal <vidar@idium.no> - http://www.idium.no
Akersgata 16, N-0158 Oslo, Norway

View raw message