Return-Path: 
 <users-return-9966-apmail-jackrabbit-users-archive=jackrabbit.apache.org@jackrabbit.apache.org>
Delivered-To: apmail-jackrabbit-users-archive@locus.apache.org
Received: (qmail 20847 invoked from network); 19 Dec 2008 08:12:28 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 19 Dec 2008 08:12:28 -0000
Received: (qmail 28996 invoked by uid 500); 19 Dec 2008 08:12:39 -0000
Delivered-To: apmail-jackrabbit-users-archive@jackrabbit.apache.org
Received: (qmail 28980 invoked by uid 500); 19 Dec 2008 08:12:39 -0000
Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@jackrabbit.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@jackrabbit.apache.org>
List-Post: <mailto:users@jackrabbit.apache.org>
List-Id: <users.jackrabbit.apache.org>
Reply-To: users@jackrabbit.apache.org
Delivered-To: mailing list users@jackrabbit.apache.org
Received: (qmail 28969 invoked by uid 99); 19 Dec 2008 08:12:39 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 19 Dec 2008 00:12:39 -0800
X-ASF-Spam-Status: No, hits=2.4 required=10.0
	tests=HTML_MESSAGE,SPF_PASS,WHOIS_MYPRIVREG
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of bchapuis@day.com designates
 207.126.148.181 as permitted sender)
Received: from [207.126.148.181] (HELO eu3sys201aog001.obsmtp.com)
 (207.126.148.181)
    by apache.org (qpsmtpd/0.29) with SMTP; Fri, 19 Dec 2008 08:12:17 +0000
Received: from source ([209.85.198.247]) by eu3sys201aob001.postini.com
 ([207.126.154.11]) with SMTP
	ID DSNKSUtXS+Mj35CTLsOOUmTLcqWAV1YfAAya@postini.com;
 Fri, 19 Dec 2008 08:11:57 UTC
Received: by rv-out-0708.google.com with SMTP id b17so830828rvf.48
        for <users@jackrabbit.apache.org>;
 Fri, 19 Dec 2008 00:11:55 -0800 (PST)
Received: by 10.141.136.4 with SMTP id o4mr1468686rvn.13.1229674315033;
        Fri, 19 Dec 2008 00:11:55 -0800 (PST)
Received: by 10.140.114.2 with HTTP; Fri, 19 Dec 2008 00:11:54 -0800 (PST)
Message-ID: <c10bacd80812190011h5a66f758ja2398054b7c82622@mail.gmail.com>
Date: Fri, 19 Dec 2008 09:11:54 +0100
From: "Bertil Chapuis" <bchapuis@day.com>
To: users@jackrabbit.apache.org
Subject: Re: Jackrabbit 1.5 Security
In-Reply-To: <494B53D8.8040603@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_18938_15998441.1229674315022"
References: <21080602.post@talk.nabble.com>
	 <c10bacd80812182337v89b9906jaab2a63f9cd617e9@mail.gmail.com>
	 <c10bacd80812182348s45364d7cs53113b23ef0312ec@mail.gmail.com>
	 <494B53D8.8040603@gmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org

------=_Part_18938_15998441.1229674315022
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Felix,

Your are right. I have run the example without the jaas.config file and it
works.

Regards,

Bertil




On Fri, Dec 19, 2008 at 8:57 AM, Felix Meschberger <fmeschbe@gmail.com>wrote:

> Hi Bertil,
>
> Thanks for providing these examples.
>
> But your configuration setup confuses me: You really mean, that there
> must be two identical configuration setups: Once in jaas.config and one
> in repository.xml ?
>
> Regards
> Felix
>
> Bertil Chapuis schrieb:
> > I just have forget the configuration.
> >
> > A jaas.config file directly in the repository folder.
> >
> > Jackrabbit {
> >   org.apache.jackrabbit.core.security.authentication.DefaultLoginModule
> > required anonymousId="anonymous" adminId="admin"
> > };
> >
> > And the following for the security manager in the repository.xml file.
> >
> >     <Security appName="Jackrabbit">
> >
> >         <SecurityManager
> > class="org.apache.jackrabbit.core.DefaultSecurityManager"
> > workspaceName="security"></SecurityManager>
> >
> >         <AccessManager
> >
> class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
> >
> >         <LoginModule
> >
> class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
> >  <param name="anonymousId" value="anonymous"/>
> >            <!--
> >               administrator user id (default value if param is missing
> > is 'admin')
> >             -->
> >            <param name="adminId" value="admin"/>
> >            <!--
> >               optional parameter 'principalProvider'.
> >               the value refers to the class name of the
> > PrincipalProvider implementation.
> >            -->
> >            <!-- <param name="principalProvider" value="..."/> -->
> >         </LoginModule>
> >     </Security>
> >
> >
> > Best regards,
> >
> > Regards,
> >
> > Bertil
> >
> >
> > On Fri, Dec 19, 2008 at 8:37 AM, Bertil Chapuis <bchapuis@day.com
> > <mailto:bchapuis@day.com>> wrote:
> >
> >     Hi Dave,
> >
> >     I just had made an example for that. There are probably better
> >     solutions but here is the code (works only with Jackrabbit):
> >
> >             // admin session
> >             Repository repository = new TransientRepository();
> >             SessionImpl session = (SessionImpl) repository.login(new
> >     SimpleCredentials("admin", "admin".toCharArray()));
> >
> >             // user management
> >             UserManager userManager = session.getUserManager();
> >
> >             User anonymous = (User)
> >     userManager.getAuthorizable("anonymous");
> >
> >             User user = (User) userManager.getAuthorizable("user");
> >             if (user == null) user = userManager.createUser("user",
> "user");
> >
> >             // right management
> >             AccessControlManager accessControlManager =
> >     session.getAccessControlManager();
> >
> >             // forbid the view of the restricted area to anonymous
> >             String restrictedArea = "/content/restrictedarea";
> >             AccessControlPolicyIterator restrictedPolicies =
> >     accessControlManager.getApplicablePolicies(restrictedArea);
> >             JackrabbitAccessControlList restrictedPolicy =
> >     (JackrabbitAccessControlList)
> >     restrictedPolicies.nextAccessControlPolicy();
> >             Privilege[] previewPrivileges =
> >     accessControlManager.getSupportedPrivileges(restrictedArea);
> >
> >             // also possible to set a map of restrictions
> >             restrictedPolicy.addEntry(anonymous.getPrincipal(),
> >     previewPrivileges, false);
> >
> >             accessControlManager.setPolicy(restrictedArea,
> >     restrictedPolicy);
> >
> >             // apply the policy
> >             session.save();
> >
> >     If the node "/content/restrictedarea" exists in the repository, it
> >     will only  be seen by the authentified users.
> >
> >     Best Regards,
> >
> >     Bertil Chapuis
> >
> >
> >
> >
> >     On Thu, Dec 18, 2008 at 9:46 PM, daveg0
> >     <bagel10002000@googlemail.com <mailto:bagel10002000@googlemail.com>>
> >     wrote:
> >
> >
> >         Hi,
> >
> >         I have just built and deployed JackRabbit 1.5 and now want to
> >         use some form
> >         of Access Control on specific nodes.
> >
> >         Is there any documentation about this or examples? From trawling
> >         around the
> >         source code, I can see that DefaultAccessManager,
> >         DefaultLoginModule,
> >         UserManagerImpl and DefaultLoginModule could be useful, but how
> >         do I tie all
> >         these together.
> >
> >         For example how do I populate the repository with Users
> >         initially, must I
> >         use SimpleLogonModule to create the users and then switch over
> >         to the
> >         DefaultLoginModule. How do I configure these components in
> >         repository.xml?
> >
> >         regards,
> >
> >         Dave Gough
> >
> >
> >         --
> >         View this message in context:
> >
> http://www.nabble.com/Jackrabbit-1.5-Security-tp21080602p21080602.html
> >         Sent from the Jackrabbit - Users mailing list archive at
> Nabble.com.
> >
> >
> >
>

------=_Part_18938_15998441.1229674315022--