jackrabbit-users mailing list archives

From Angela Schreiber <anch...@adobe.com>
Subject Re: Using Jboss LdapLoginConfig and DefaultAccessManager
Date Fri, 10 Dec 2010 11:43:18 GMT
hi yusuf

i never tried that specific combination but as far as i know it should
work if you take care of the following:

the defaultsecuritymanager with default configuration
- uses usermanagement as defined by jackrabbit
- creates default users (admin, anonymous)
- sets up permissions for those default users and for
   the 'everyone' principal
- defines a workspaceaccessmanager that only allows to access a
   workspace if the root-node is readable to the user that is trying
   to login to the repository.

i assume that your loginconfig does not respect the system-users
setup in the default initialization process and thus you cannot login
as admin in order to set the permissions accordingly.

my guess would be that defining a less strict workspace-access-manager
should solve your problem e.g. the SimpleWorkspaceAccessManager that
allows workspace access everywhere.
this can be configured as part of the security manager configuration in
the repository xml:

    <Security appName="Jackrabbit">
         <SecurityManager ...>
             <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>


hope that helps
angela

On 12/8/10 12:57 PM, Yusuf Aaji wrote:
> Hi,
>
> I have configured jackrabbit 2.1.2 as a jboss jca and used ldapLoginConfig
> for security. I was using the SimpleAccessManager and SimpleSecurityManager
> for security and all was fine.
>
> Now I need to put some security restrictions on the nodes. I tried the
> SimpleJBossAccessManager but it is not enough as I need specific ACL for
> each node.
>
> So, I guess I need to use the DefaultAccessManager. When I configure the
> repository to use the DefaultAccessManager and the DefaultSecurityManager
> without the DefaultLoginConfig as the loginConfig I'm using is defined in
> jboss login-config.xml I get this in the log:
>
> ...
> 14:46:31,936 INFO  [org.apache.jackrabbit.core.RepositoryImpl] created
> system workspace: security
> 14:46:31,936 INFO  [org.apache.jackrabbit.core.RepositoryImpl] Repository
> started
> 14:46:31,936 INFO  [org.apache.jackrabbit.core.TransientRepository]
> Transient repository initialized
> 14:46:31,936 INFO  [org.apache.jackrabbit.core.RepositoryImpl] initializing
> workspace 'security'...
> 14:46:33,026 INFO
> [org.apache.jackrabbit.core.persistence.bundle.ConnectionRecoveryManager]
> Database: Oracle / Oracle Database 10g Express Edition Release 10.2.0.1.0 -
> Production
> 14:46:33,027 INFO
> [org.apache.jackrabbit.core.persistence.bundle.ConnectionRecoveryManager]
> Driver: Oracle JDBC driver / 10.2.0.1.0XE
> 14:46:34,530 INFO  [org.apache.jackrabbit.core.query.lucene.MultiIndex]
> Created initial index for 1 nodes
> 14:46:34,533 INFO  [org.apache.jackrabbit.core.query.lucene.SearchIndex]
> Index initialized: /home/yusuf/repo/workspaces/security/index Version: 3
> 14:46:34,533 INFO  [org.apache.jackrabbit.core.RepositoryImpl] workspace
> 'security' initialized
> 14:46:34,551 INFO  [org.apache.jackrabbit.core.DefaultSecurityManager] init:
> *use JAAS login-configuration for gso*
> 14:46:34,618 INFO
> [org.apache.jackrabbit.core.security.user.UserManagerImpl] *Admin user does
> not exist.*
> 14:46:35,319 INFO
> [org.apache.jackrabbit.core.security.user.UserManagerImpl] ... *created
> admin user with id 'admin' and default pw.*
> 14:46:35,408 INFO  [org.apache.jackrabbit.core.DefaultSecurityManager]
> ... *created
> anonymous user with id 'anonymous' ...*
> 14:46:35,430 INFO  [org.apache.jackrabbit.core.RepositoryImpl]
> SecurityManager = class org.apache.jackrabbit.core.DefaultSecurityManager
> 14:46:36,387 INFO
> [org.apache.jackrabbit.core.security.authorization.acl.ACLProvider]
> *Administrators
> principal group is missing ->  omitting initialization of default permissions
> .*
> 14:46:36,475 INFO  [org.apache.jackrabbit.core.RepositoryImpl] Shutting down
> repository...
> 14:46:36,487 INFO  [org.apache.jackrabbit.core.RepositoryImpl] shutting down
> workspace 'wcm'...
> 14:46:36,488 INFO
> [org.apache.jackrabbit.core.observation.ObservationDispatcher] Notification
> of EventListeners stopped.
> 14:46:36,509 INFO  [org.apache.jackrabbit.core.query.lucene.SearchIndex]
> Index closed: /home/yusuf/repo/workspaces/wcm/index
> 14:46:36,539 INFO  [org.apache.jackrabbit.core.RepositoryImpl] workspace
> 'wcm' has been shutdown
> 14:46:36,539 INFO  [org.apache.jackrabbit.core.RepositoryImpl] shutting down
> workspace 'security'...
> 14:46:36,540 INFO
> [org.apache.jackrabbit.core.observation.ObservationDispatcher] Notification
> of EventListeners stopped.
> 14:46:36,631 INFO  [org.apache.jackrabbit.core.query.lucene.SearchIndex]
> Index closed: /home/yusuf/repo/workspaces/security/index
> 14:46:36,657 INFO  [org.apache.jackrabbit.core.RepositoryImpl] workspace
> 'security' has been shutdown
> 14:46:36,659 INFO  [org.apache.jackrabbit.core.RepositoryImpl] Repository
> has been shutdown
> 14:46:36,660 INFO  [org.apache.jackrabbit.core.TransientRepository]
> Transient repository shut down
> 14:46:36,660 INFO
> [org.apache.jackrabbit.jca.JCAManagedConnectionFactory.jcr/local] Failed to
> create session
> 14:46:36,660 INFO
> [org.apache.jackrabbit.jca.JCAManagedConnectionFactory.jcr/local]
> javax.jcr.LoginException: Workspace access denied
> 14:46:36,661 INFO
> [org.apache.jackrabbit.jca.JCAManagedConnectionFactory.jcr/local]     at
> org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1517)
> 14:46:36,661 INFO
> [org.apache.jackrabbit.jca.JCAManagedConnectionFactory.jcr/local]     at
> org.apache.jackrabbit.core.TransientRepository.login(TransientRepository.java:380)
> 14:46:36,661 INFO
> [org.apache.jackrabbit.jca.JCAManagedConnectionFactory.jcr/local]     at
> org.apache.jackrabbit.jca.JCAManagedConnectionFactory.openSession(JCAManagedConnectionFactory.java:153)
> 14:46:36,661 INFO
> [org.apache.jackrabbit.jca.JCAManagedConnectionFactory.jcr/local]     at
> org.apache.jackrabbit.jca.JCAManagedConnectionFactory.createManagedConnection(JCAManagedConnectionFactory.java:189)
> 14:46:36,661 INFO
> [org.apache.jackrabbit.jca.JCAManagedConnectionFactory.jcr/local]     at
> org.apache.jackrabbit.jca.JCAManagedConnectionFactory.createManagedConnection(JCAManagedConnectionFactory.java:181)
> 14:46:36,661 INFO
> [org.apache.jackrabbit.jca.JCAManagedConnectionFactory.jcr/local]     at
> org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventListener(InternalManagedConnectionPool.java:584)
>
>
>
> So, can I use the DefaultAccessManager and the DefaultSecurityManager
> without the DefaultLoginConfig??
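
An added example, not part of the original messages or of Jackrabbit itself: a small Python check that reads the Security section of a repository.xml and reports the settings discussed in this thread (which WorkspaceAccessManager is active, whether DefaultAccessManager is in use, whether login is left to JAAS). The sample XML is constructed, the function name and finding codes are hypothetical, and it assumes Security is a direct child of the root element.

```python
import xml.etree.ElementTree as ET

SIMPLE_WSP = "org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"
DEFAULT_AM = "org.apache.jackrabbit.core.security.DefaultAccessManager"

# Constructed sample: a Security section built around the fragment in the reply,
# with no <LoginModule> because login is left to the container's JAAS config.
SAMPLE = """
<Repository>
  <Security appName="Jackrabbit">
    <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"
                     workspaceName="security">
      <WorkspaceAccessManager
          class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
    </SecurityManager>
    <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"/>
  </Security>
</Repository>
"""

def audit_security(xml_text):
    """Return a list of (code, message) findings for the <Security> section."""
    sec = ET.fromstring(xml_text).find("Security")
    if sec is None:
        return [("NO_SECURITY", "no <Security> element found")]
    findings = []
    wam = sec.find("SecurityManager/WorkspaceAccessManager")
    if wam is None:
        # Per the reply: the default only admits users who can read the root node.
        findings.append(("WSP_DEFAULT", "no WorkspaceAccessManager set: the security "
                         "manager's default applies (root node must be readable)"))
    elif wam.get("class") == SIMPLE_WSP:
        findings.append(("WSP_OPEN", "workspace access is allowed everywhere; "
                         "node-level ACLs are the only restriction left"))
    am = sec.find("AccessManager")
    if am is None or am.get("class") != DEFAULT_AM:
        findings.append(("NO_ACL", "AccessManager is not DefaultAccessManager"))
    if sec.find("LoginModule") is None:
        findings.append(("JAAS_LOGIN", "no <LoginModule>: login relies on the "
                         "JAAS configuration named %r" % sec.get("appName")))
    return findings

if __name__ == "__main__":
    for code, msg in audit_security(SAMPLE):
        print(code, "-", msg)
```

A WSP_OPEN finding means every authenticated subject can open the workspace, so the ACLs set on nodes have to carry the whole authorization policy.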
