jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Meschberger <fmesc...@gmail.com>
Subject Re: Jackrabbit 1.5 Security
Date Fri, 19 Dec 2008 13:51:32 GMT
Thanks for the update and relieve ;-)

Regards
Felix

Bertil Chapuis schrieb:
> Hi Felix,
> 
> Your are right. I have run the example without the jaas.config file and it
> works.
> 
> Regards,
> 
> Bertil
> 
> 
> 
> 
> On Fri, Dec 19, 2008 at 8:57 AM, Felix Meschberger <fmeschbe@gmail.com>wrote:
> 
>> Hi Bertil,
>>
>> Thanks for providing these examples.
>>
>> But your configuration setup confuses me: You really mean, that there
>> must be two identical configuration setups: Once in jaas.config and one
>> in repository.xml ?
>>
>> Regards
>> Felix
>>
>> Bertil Chapuis schrieb:
>>> I just have forget the configuration.
>>>
>>> A jaas.config file directly in the repository folder.
>>>
>>> Jackrabbit {
>>>   org.apache.jackrabbit.core.security.authentication.DefaultLoginModule
>>> required anonymousId="anonymous" adminId="admin"
>>> };
>>>
>>> And the following for the security manager in the repository.xml file.
>>>
>>>     <Security appName="Jackrabbit">
>>>
>>>         <SecurityManager
>>> class="org.apache.jackrabbit.core.DefaultSecurityManager"
>>> workspaceName="security"></SecurityManager>
>>>
>>>         <AccessManager
>>>
>> class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
>>>         <LoginModule
>>>
>> class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
>>>  <param name="anonymousId" value="anonymous"/>
>>>            <!--
>>>               administrator user id (default value if param is missing
>>> is 'admin')
>>>             -->
>>>            <param name="adminId" value="admin"/>
>>>            <!--
>>>               optional parameter 'principalProvider'.
>>>               the value refers to the class name of the
>>> PrincipalProvider implementation.
>>>            -->
>>>            <!-- <param name="principalProvider" value="..."/> -->
>>>         </LoginModule>
>>>     </Security>
>>>
>>>
>>> Best regards,
>>>
>>> Regards,
>>>
>>> Bertil
>>>
>>>
>>> On Fri, Dec 19, 2008 at 8:37 AM, Bertil Chapuis <bchapuis@day.com
>>> <mailto:bchapuis@day.com>> wrote:
>>>
>>>     Hi Dave,
>>>
>>>     I just had made an example for that. There are probably better
>>>     solutions but here is the code (works only with Jackrabbit):
>>>
>>>             // admin session
>>>             Repository repository = new TransientRepository();
>>>             SessionImpl session = (SessionImpl) repository.login(new
>>>     SimpleCredentials("admin", "admin".toCharArray()));
>>>
>>>             // user management
>>>             UserManager userManager = session.getUserManager();
>>>
>>>             User anonymous = (User)
>>>     userManager.getAuthorizable("anonymous");
>>>
>>>             User user = (User) userManager.getAuthorizable("user");
>>>             if (user == null) user = userManager.createUser("user",
>> "user");
>>>             // right management
>>>             AccessControlManager accessControlManager =
>>>     session.getAccessControlManager();
>>>
>>>             // forbid the view of the restricted area to anonymous
>>>             String restrictedArea = "/content/restrictedarea";
>>>             AccessControlPolicyIterator restrictedPolicies =
>>>     accessControlManager.getApplicablePolicies(restrictedArea);
>>>             JackrabbitAccessControlList restrictedPolicy =
>>>     (JackrabbitAccessControlList)
>>>     restrictedPolicies.nextAccessControlPolicy();
>>>             Privilege[] previewPrivileges =
>>>     accessControlManager.getSupportedPrivileges(restrictedArea);
>>>
>>>             // also possible to set a map of restrictions
>>>             restrictedPolicy.addEntry(anonymous.getPrincipal(),
>>>     previewPrivileges, false);
>>>
>>>             accessControlManager.setPolicy(restrictedArea,
>>>     restrictedPolicy);
>>>
>>>             // apply the policy
>>>             session.save();
>>>
>>>     If the node "/content/restrictedarea" exists in the repository, it
>>>     will only  be seen by the authentified users.
>>>
>>>     Best Regards,
>>>
>>>     Bertil Chapuis
>>>
>>>
>>>
>>>
>>>     On Thu, Dec 18, 2008 at 9:46 PM, daveg0
>>>     <bagel10002000@googlemail.com <mailto:bagel10002000@googlemail.com>>
>>>     wrote:
>>>
>>>
>>>         Hi,
>>>
>>>         I have just built and deployed JackRabbit 1.5 and now want to
>>>         use some form
>>>         of Access Control on specific nodes.
>>>
>>>         Is there any documentation about this or examples? From trawling
>>>         around the
>>>         source code, I can see that DefaultAccessManager,
>>>         DefaultLoginModule,
>>>         UserManagerImpl and DefaultLoginModule could be useful, but how
>>>         do I tie all
>>>         these together.
>>>
>>>         For example how do I populate the repository with Users
>>>         initially, must I
>>>         use SimpleLogonModule to create the users and then switch over
>>>         to the
>>>         DefaultLoginModule. How do I configure these components in
>>>         repository.xml?
>>>
>>>         regards,
>>>
>>>         Dave Gough
>>>
>>>
>>>         --
>>>         View this message in context:
>>>
>> http://www.nabble.com/Jackrabbit-1.5-Security-tp21080602p21080602.html
>>>         Sent from the Jackrabbit - Users mailing list archive at
>> Nabble.com.
>>>
>>>
> 

Mime
View raw message