I just have forget the configuration.

A jaas.config file directly in the repository folder.

Jackrabbit {
  org.apache.jackrabbit.core.security.authentication.DefaultLoginModule required anonymousId="anonymous" adminId="admin"

And the following for the security manager in the repository.xml file.

    <Security appName="Jackrabbit">

        <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager" workspaceName="security"></SecurityManager>

        <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>

        <LoginModule class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
 <param name="anonymousId" value="anonymous"/>
              administrator user id (default value if param is missing is 'admin')
           <param name="adminId" value="admin"/>
              optional parameter 'principalProvider'.
              the value refers to the class name of the PrincipalProvider implementation.
           <!-- <param name="principalProvider" value="..."/> -->

Best regards,



On Fri, Dec 19, 2008 at 8:37 AM, Bertil Chapuis <bchapuis@day.com> wrote:
Hi Dave,

I just had made an example for that. There are probably better solutions but here is the code (works only with Jackrabbit):

        // admin session
        Repository repository = new TransientRepository();
        SessionImpl session = (SessionImpl) repository.login(new SimpleCredentials("admin", "admin".toCharArray()));
        // user management
        UserManager userManager = session.getUserManager();
        User anonymous = (User) userManager.getAuthorizable("anonymous");
        User user = (User) userManager.getAuthorizable("user");
        if (user == null) user = userManager.createUser("user", "user");

        // right management
        AccessControlManager accessControlManager = session.getAccessControlManager();
        // forbid the view of the restricted area to anonymous
        String restrictedArea = "/content/restrictedarea";
        AccessControlPolicyIterator restrictedPolicies = accessControlManager.getApplicablePolicies(restrictedArea);
        JackrabbitAccessControlList restrictedPolicy = (JackrabbitAccessControlList) restrictedPolicies.nextAccessControlPolicy();
        Privilege[] previewPrivileges = accessControlManager.getSupportedPrivileges(restrictedArea);
        // also possible to set a map of restrictions
        restrictedPolicy.addEntry(anonymous.getPrincipal(), previewPrivileges, false);
        accessControlManager.setPolicy(restrictedArea, restrictedPolicy);
        // apply the policy

If the node "/content/restrictedarea" exists in the repository, it will only  be seen by the authentified users.

Best Regards,

Bertil Chapuis

On Thu, Dec 18, 2008 at 9:46 PM, daveg0 <bagel10002000@googlemail.com> wrote:


I have just built and deployed JackRabbit 1.5 and now want to use some form
of Access Control on specific nodes.

Is there any documentation about this or examples? From trawling around the
source code, I can see that DefaultAccessManager, DefaultLoginModule,
UserManagerImpl and DefaultLoginModule could be useful, but how do I tie all
these together.

For example how do I populate the repository with Users initially, must I
use SimpleLogonModule to create the users and then switch over to the
DefaultLoginModule. How do I configure these components in repository.xml?


Dave Gough

View this message in context: http://www.nabble.com/Jackrabbit-1.5-Security-tp21080602p21080602.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.