jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cory Prowse <c...@prowse.com>
Subject DefaultAccessManager denies all access?
Date Wed, 28 Jul 2010 05:32:08 GMT
I too have been struggling with security access in JackRabbit 2.1.0 these past few days.

I am attempting a proof of concept which allows adding nodes and specifying which users/groups
can view them, so that only the nodes the currently logged in user has access to will be shown.

When I attempt to use DefaultAccessManager I get:
  javax.jcr.AccessDeniedException: cannot read item cafebabe-cafe-babe-cafe-babecafebabe

This is my config:
        <Security appName="Jackrabbit">
                <!-- <AccessManager class="org.apache.jackrabbit.core.security.simple.SimpleAccessManager"
/> -->
                <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"
/>

                <LoginModule class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule">
                        <param name="anonymousId" value="ANONYMOUS" />
                </LoginModule>
        </Security>

This exception occurs when I ask the session for the root node.

Not quite following how to hook up security properly here, am I doing something obviously
wrong?

 -- Cory


On 28/07/2010, at 5:37 AM, Alexander Klimetschek wrote:

> I am currently working on a wiki page for that:
> http://wiki.apache.org/jackrabbit/AccessControl
> 
> Expect more in the coming days.
> 
> Regards,
> Alex
> 
> On Tue, Jul 27, 2010 at 15:51, Joel Feenstra <jrfeenst@gmail.com> wrote:
>> Hi,
>> I'm working on adding some authentication/authorization to our application
>> which uses Jackrabbit 2.1. How can I best control access to a node (and it's
>> children) so that one user has read/write access to the subtree, but all
>> other users don't have any access (not even read access).
>> 
>> I've looked at using the principal based ACLProvider, but I can't find any
>> examples detailing how to actually use it.
>> 
>> Thanks,
>> Joel
>> jrfeenst@gmail.com
>> 
> 
> 
> 
> -- 
> Alexander Klimetschek
> alexander.klimetschek@day.com


Mime
View raw message