jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From daveg0 <bagel10002...@googlemail.com>
Subject Jackrabbit 1.5 Security help required
Date Sun, 21 Dec 2008 19:44:43 GMT

Hi,

I am trying to learn the security API in Jackrabbit 1.5. I have managed to
create a couple of users and allocate privileges to them. I have peformed a
query and the privileges appear to be honoured. However I tried to remove
the privileges and they would not disappear, here is some example code:

I am missing a few utility methods, but you can see what I am trying to do. 

I also don't understand how to create a group. It seems the only way to do
this is via createGroup(Principle) but then this throws an exception about
an existing authorizable with that name, so I can't see how to create a
group. The getAuthorizable(String id) also seems to return a user with a
matching name and will never return a group with the same name (if one could
be created).

I must be missing something,

regards,

Dave
    @Test
    public void testPortalPrivileges() throws Exception {
        SessionImpl adminSession = (SessionImpl) getAdminSession();
        UserManager userManager = adminSession.getUserManager();

        Group portalGroup = null;

        User portalUser = (User) userManager.getAuthorizable("portalGroup");
        if (portalUser != null) {
            // Not understanding how groups/users are managed???
            // portalUser = userManager.createUser("portalGroup",
            // "portalGroup");
            // portalGroup =
userManager.createGroup(portalUser.getPrincipal(),
            // "/portal");
        }

        AccessControlManager accessControlManager =
adminSession.getAccessControlManager();
        Privilege[] privs = {
accessControlManager.privilegeFromName(Privilege.JCR_READ) };

        Session userSession = getUserSession(portalUser);
        System.out.println("Query before privs granted..");
        showQuery(userSession,
"//portal/portal/pages//element(*,atom:Entry)");

        addPrivileges(adminSession, portalPath, portalUser, privs);

        System.out.println("Query after privs granted..");
        showQuery(userSession,
"//portal/portal/pages//element(*,atom:Entry)");

        removePrivileges(adminSession, portalPath, portalUser, privs);

        System.out.println("Query after privs removed..");
        showQuery(userSession,
"//portal/portal/pages//element(*,atom:Entry)");

    }


    protected void addPrivileges(SessionImpl adminSession, String path,
Authorizable auth, Privilege[] privs) throws
UnsupportedRepositoryOperationException, RepositoryException {
        setPrivileges(adminSession, path, auth, privs, true);
    }

     protected void removePrivileges(SessionImpl adminSession, String path,
        Authorizable auth, Privilege[] privs) throws
        UnsupportedRepositoryOperationException, RepositoryException {
        setPrivileges(adminSession, path, auth, privs, false);
     }

    protected void setPrivileges(SessionImpl adminSession, String path,
Authorizable auth, Privilege[] privs, boolean allow) throws
UnsupportedRepositoryOperationException, RepositoryException {
        AccessControlManager accessControlManager =
adminSession.getAccessControlManager();
        AccessControlPolicyIterator restrictedPolicies =
accessControlManager.getApplicablePolicies(path);
        JackrabbitAccessControlList controlList =
(JackrabbitAccessControlList) restrictedPolicies.nextAccessControlPolicy();
        controlList.addEntry(auth.getPrincipal(), privs, allow);
        accessControlManager.setPolicy(path, controlList);
        adminSession.save();
    }

The privileges are added, but not removed

-- 
View this message in context: http://www.nabble.com/Jackrabbit-1.5-Security-help-required-tp21118423p21118423.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.


Mime
View raw message