jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joel Feenstra <jrfee...@gmail.com>
Subject Re: Access control example
Date Tue, 27 Jul 2010 19:48:23 GMT
Thanks, I ran across that wiki and thought it was a bit incomplete.

I was able to get it configured so that a user has full access to a
subtree, but I'm not sure how to keep all other users from accessing
that subtree. My code looks something like:

            AccessControlManager acm = session.getAccessControlManager();
            AccessControlPolicyIterator it =
acm.getApplicablePolicies(homeNode.getPath());
            if (it.hasNext()) {
                AccessControlPolicy policy = it.nextAccessControlPolicy();
                if (policy instanceof AccessControlList) {
                    Privilege[] privileges = new Privilege[1];
                    privileges[0] = acm.privilegeFromName(Privilege.JCR_ALL);

((AccessControlList)policy).addAccessControlEntry(user.getPrincipal(),
privileges);
                    acm.setPolicy(homeNode.getPath(), policy);
                }
            }
            session.save();

Where "homeNode" is the node that "user" needs full access to but all
others should have no access to.

Thanks,
Joel

On Tue, Jul 27, 2010 at 3:37 PM, Alexander Klimetschek <aklimets@day.com> wrote:
>
> I am currently working on a wiki page for that:
> http://wiki.apache.org/jackrabbit/AccessControl
>
> Expect more in the coming days.
>
> Regards,
> Alex
>
> On Tue, Jul 27, 2010 at 15:51, Joel Feenstra <jrfeenst@gmail.com> wrote:
> > Hi,
> > I'm working on adding some authentication/authorization to our application
> > which uses Jackrabbit 2.1. How can I best control access to a node (and it's
> > children) so that one user has read/write access to the subtree, but all
> > other users don't have any access (not even read access).
> >
> > I've looked at using the principal based ACLProvider, but I can't find any
> > examples detailing how to actually use it.
> >
> > Thanks,
> > Joel
> > jrfeenst@gmail.com
> >
>
>
>
> --
> Alexander Klimetschek
> alexander.klimetschek@day.com

Mime
View raw message