jackrabbit-users mailing list archives

From "Todd Seiber" <todd.sei...@gmail.com>
Subject Re: Jackrabbit 1.5 Security help required
Date Mon, 22 Dec 2008 02:05:00 GMT
I too am looking forward to ditching my own implementation for this standard
implementation.

Without knowing all the ins and outs of this release I may be able to shed
some light on things. The principals in Jackrabbit implement
java.security.Principal (
http://java.sun.com/j2se/1.4.2/docs/api/java/security/Principal.html). This
includes the getName() method which is used as a unique identifier for this
particular principal. So a group and a user probably will not be able to
have the same name.

ACEs are typically implemented with separate allow and deny entries. Setting
an allow flag to true or false will not toggle an ACE but rather create an
allow entry as well as a deny entry.

Again I'm not sure of how everything works but try casting the
JackrabbitAccessControlList into something that supports a method such as
removeAccessControlEntry(AccessControlEntry ace).



On Sun, Dec 21, 2008 at 2:44 PM, daveg0 <bagel10002000@googlemail.com> wrote:

>
> Hi,
>
> I am trying to learn the security API in Jackrabbit 1.5. I have managed to
> create a couple of users and allocate privileges to them. I have performed a
> query and the privileges appear to be honoured. However I tried to remove
> the privileges and they would not disappear, here is some example code:
>
> I am missing a few utility methods, but you can see what I am trying to do.
>
> I also don't understand how to create a group. It seems the only way to do
> this is via createGroup(Principal) but then this throws an exception about
> an existing authorizable with that name, so I can't see how to create a
> group. The getAuthorizable(String id) also seems to return a user with a
> matching name and will never return a group with the same name (if one
> could
> be created).
>
> I must be missing something,
>
> regards,
>
> Dave
>    @Test
>    public void testPortalPrivileges() throws Exception {
>        SessionImpl adminSession = (SessionImpl) getAdminSession();
>        UserManager userManager = adminSession.getUserManager();
>
>        Group portalGroup = null;
>
>        User portalUser = (User) userManager.getAuthorizable("portalGroup");
>        if (portalUser != null) {
>            // Not understanding how groups/users are managed???
>            // portalUser = userManager.createUser("portalGroup", "portalGroup");
>            // portalGroup = userManager.createGroup(portalUser.getPrincipal(), "/portal");
>        }
>
>        AccessControlManager accessControlManager = adminSession.getAccessControlManager();
>        Privilege[] privs = { accessControlManager.privilegeFromName(Privilege.JCR_READ) };
>
>        Session userSession = getUserSession(portalUser);
>        System.out.println("Query before privs granted..");
>        showQuery(userSession, "//portal/portal/pages//element(*,atom:Entry)");
>
>        addPrivileges(adminSession, portalPath, portalUser, privs);
>
>        System.out.println("Query after privs granted..");
>        showQuery(userSession, "//portal/portal/pages//element(*,atom:Entry)");
>
>        removePrivileges(adminSession, portalPath, portalUser, privs);
>
>        System.out.println("Query after privs removed..");
>        showQuery(userSession, "//portal/portal/pages//element(*,atom:Entry)");
>    }
>
>    protected void addPrivileges(SessionImpl adminSession, String path,
>            Authorizable auth, Privilege[] privs)
>            throws UnsupportedRepositoryOperationException, RepositoryException {
>        setPrivileges(adminSession, path, auth, privs, true);
>    }
>
>    protected void removePrivileges(SessionImpl adminSession, String path,
>            Authorizable auth, Privilege[] privs)
>            throws UnsupportedRepositoryOperationException, RepositoryException {
>        setPrivileges(adminSession, path, auth, privs, false);
>    }
>
>    protected void setPrivileges(SessionImpl adminSession, String path,
>            Authorizable auth, Privilege[] privs, boolean allow)
>            throws UnsupportedRepositoryOperationException, RepositoryException {
>        AccessControlManager accessControlManager = adminSession.getAccessControlManager();
>        AccessControlPolicyIterator restrictedPolicies =
>                accessControlManager.getApplicablePolicies(path);
>        JackrabbitAccessControlList controlList =
>                (JackrabbitAccessControlList) restrictedPolicies.nextAccessControlPolicy();
>        controlList.addEntry(auth.getPrincipal(), privs, allow);
>        accessControlManager.setPolicy(path, controlList);
>        adminSession.save();
>    }
>
>
> The privileges are added, but not removed
>
> --
> View this message in context:
> http://www.nabble.com/Jackrabbit-1.5-Security-help-required-tp21118423p21118423.html
> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
>
>


-- 
Todd Seiber
830 Fishing Creek Rd.
New Cumberland, PA 17070

h. 717-938-5778
c. 717-497-1742
e. todd.seiber@gmail.com
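
Added example, not part of the original thread or of Jackrabbit's own code: revoking access by removing a principal's entries from the ACL already bound to a node, instead of adding a second entry with allow set to false. It is written against the `javax.jcr.security` interfaces of JCR 2.0; that Jackrabbit 1.5 exposes the same methods under its own package is an assumption, and the names `AclRevoke` and `revokeAll` are hypothetical.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;

/** Hypothetical helper (added example): revoke by removing ACEs. */
public final class AclRevoke {

    private AclRevoke() {
    }

    /**
     * Removes every ACE bound to the given principal from the ACLs that are
     * already set at absPath. Returns the number of entries removed, so a
     * caller can detect a revocation that matched nothing.
     */
    public static int revokeAll(Session adminSession, String absPath, Principal principal)
            throws RepositoryException {
        AccessControlManager acm = adminSession.getAccessControlManager();
        int removed = 0;
        // getPolicies() returns the policies currently bound to the node,
        // which is where entries added earlier through setPolicy() live.
        for (AccessControlPolicy policy : acm.getPolicies(absPath)) {
            if (!(policy instanceof AccessControlList)) {
                continue;
            }
            AccessControlList acl = (AccessControlList) policy;
            boolean changed = false;
            // getAccessControlEntries() returns an array, so removing
            // entries from the list while looping over it is safe.
            for (AccessControlEntry ace : acl.getAccessControlEntries()) {
                // Principals are matched by getName(), their unique identifier.
                if (ace.getPrincipal().getName().equals(principal.getName())) {
                    acl.removeAccessControlEntry(ace);
                    removed++;
                    changed = true;
                }
            }
            if (changed) {
                acm.setPolicy(absPath, acl); // write the modified list back
            }
        }
        if (removed > 0) {
            adminSession.save(); // persist, as the original test does
        }
        return removed;
    }
}
```

A return value of 0 means no entry for that principal was found at the path, which is worth asserting in a test before re-running the query as the restricted user.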
