jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cory Prowse <c...@prowse.com>
Subject Re: DefaultAccessManager denies all access?
Date Wed, 28 Jul 2010 08:33:35 GMT
Ok got to the bottom of it by stepping through the running application.

You must have the following config for ACLs to work:
	<Security appName="Jackrabbit">
		<SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager" workspaceName="security"
/>

		<AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager" />

		<!-- This allows any username to login without password -->
		<LoginModule class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule">
			<!-- Unauthenticated JAAS users are ANONYMOUS -->
			<param name="anonymousId" value="ANONYMOUS" />
			<param name="adminId" value="admin1" />
		</LoginModule>
	</Security>

Specifically the DefaultSecurityManager must be selected.

Now I'm just trying to determine why although I have ACLs specifying who can read, other users
can read as well.

 -- Cory

On 28/07/2010, at 4:08 PM, Cory Prowse wrote:

> Ah it is probably worth mentioning I am deplying the JCA of JackRabbit to Glassfish.
> 
> -- Cory
> 
> On 28/07/2010, at 3:32 PM, Cory Prowse wrote:
> 
>> I too have been struggling with security access in JackRabbit 2.1.0 these past few
days.
>> 
>> I am attempting a proof of concept which allows adding nodes and specifying which
users/groups can view them, so that only the nodes the currently logged in user has access
to will be shown.
>> 
>> When I attempt to use DefaultAccessManager I get:
>> javax.jcr.AccessDeniedException: cannot read item cafebabe-cafe-babe-cafe-babecafebabe
>> 
>> This is my config:
>>       <Security appName="Jackrabbit">
>>               <!-- <AccessManager class="org.apache.jackrabbit.core.security.simple.SimpleAccessManager"
/> -->
>>               <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"
/>
>> 
>>               <LoginModule class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule">
>>                       <param name="anonymousId" value="ANONYMOUS" />
>>               </LoginModule>
>>       </Security>
>> 
>> This exception occurs when I ask the session for the root node.
>> 
>> Not quite following how to hook up security properly here, am I doing something obviously
wrong?
>> 
>> -- Cory
>> 
>> 
>> On 28/07/2010, at 5:37 AM, Alexander Klimetschek wrote:
>> 
>>> I am currently working on a wiki page for that:
>>> http://wiki.apache.org/jackrabbit/AccessControl
>>> 
>>> Expect more in the coming days.
>>> 
>>> Regards,
>>> Alex
>>> 
>>> On Tue, Jul 27, 2010 at 15:51, Joel Feenstra <jrfeenst@gmail.com> wrote:
>>>> Hi,
>>>> I'm working on adding some authentication/authorization to our application
>>>> which uses Jackrabbit 2.1. How can I best control access to a node (and it's
>>>> children) so that one user has read/write access to the subtree, but all
>>>> other users don't have any access (not even read access).
>>>> 
>>>> I've looked at using the principal based ACLProvider, but I can't find any
>>>> examples detailing how to actually use it.
>>>> 
>>>> Thanks,
>>>> Joel
>>>> jrfeenst@gmail.com
>>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Alexander Klimetschek
>>> alexander.klimetschek@day.com
>> 
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message