jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Seidel. Robert" <Robert.Sei...@aeb.de>
Subject AW: AW: AW: AW: New information about my last email...
Date Mon, 31 Jan 2011 12:58:31 GMT
Hi Javier,

each AccessControlEntry has a user (or principal), you can getPrincipal() to retrieve it.
The two privileges are the default privileges for the root node.

jcr:all - administrators
jcr:read - everyone

Your code failed with the new user, because the new user does not have the privilege jcr:readAccessControl
for the root node - so you got a denied exception.

To set a privilege, you have to call something like this - but you need the necessary privileges
to do so - so the best way would be to use an admin connection: 

    private void setPrivilegesWithoutCommit(JcrConnection connection,
            Authorizable auth, Node node, String[] privilegeNames)
            throws RepositoryException {
        if (privilegeNames.length < 1) {
            throw new IllegalArgumentException(
                    "The privilege names must not be empty.");
        }
        // determine privileges array
        AccessControlManager acm = connection.getSession().getAccessControlManager();
        List<Privilege> privList = new ArrayList<Privilege>();
        for (int i = 0; i < privilegeNames.length; ++i) {
            Privilege p = acm.privilegeFromName(privilegeNames[i]);
            privList.add(p);
        }
        Privilege[] privs = privList.toArray(new Privilege[privList.size()]);
        // set privileges
        AccessControlList acl = getAccessList(connection, node.getPath());
        acl.addAccessControlEntry(auth.getPrincipal(), privs);
        acm.setPolicy(node.getPath(), acl);
    }

Regards, Robert

-----Ursprüngliche Nachricht-----
Von: Javier Arias [mailto:jarias@ujaen.es] 
Gesendet: Montag, 31. Januar 2011 13:31
An: users@jackrabbit.apache.org
Betreff: Re: AW: AW: AW: New information about my last email...

Hi Robert, I have called it and I got the AccessControlList. Afther that
I have executed the following code:

AccessControlList acl = WebDAVServer.getAccessList();

AccessControlEntry[] ace = acl.getAccessControlEntries();

System.out.println("AccesControlEntry - Length: " + ace.length);

Privilege[] p0 = ace[0].getPrivileges();
Privilege[] p1 = ace[1].getPrivileges();

System.out.println("Privilege1: " + p0[0].getName());
System.out.println("Privilege2: " + p1[0].getName());

and I have got the following results:


AccesControlEntry - Length: 2
Privilege1: jcr:all
Privilege2: jcr:read

To run this example, I used the admin user. If I use a new created user,
get the follow exception:


javax.jcr.AccessDeniedException: Access denied at / at
org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:475)
at org.apache.jackrabbit.core.security.DefaultAccessManager.getApplicablePolicies(DefaultAccessManager.java:326)

Should I login in as admin and change something in the instruction:
AccessControlPolicyIterator it =
acMngr.getApplicablePolicies(connection.getRootNode().getPath());  ?

Thank you for answering this endless thread.

Regards.


El vie, 28-01-2011 a las 13:22 +0100, Seidel. Robert escribió:
> Hi Javier,
> 
> here is some code snippet:
> 
> 	/**
> 	 * returns the access control list for the node path
> 	 * @param connection the connection to the jackrabbit repository
> 	 * @param path the node path
> 	 * @return access control list (applicable or set)
> 	 * @throws AccessDeniedException
> 	 * @throws RepositoryException
> 	 */
> 	private AccessControlList getAccessList(JcrConnection connection, String path) throws
AccessDeniedException, RepositoryException {
> 		AccessControlManager acMngr = connection.getSession().getAccessControlManager();
> 		AccessControlPolicyIterator it = acMngr.getApplicablePolicies(path);
> 		while(it.hasNext()) {
> 			AccessControlPolicy acp = it.nextAccessControlPolicy();
> 			if (acp instanceof AccessControlList) {
> 				return (AccessControlList) acp;
> 			}
> 		}
> 		AccessControlPolicy[] acps = acMngr.getPolicies(path);
> 		for (AccessControlPolicy accessControlPolicy : acps) {
> 			if (accessControlPolicy instanceof AccessControlList) {
> 				return (AccessControlList) accessControlPolicy;
> 			}
> 		}
> 		throw new RepositoryException("No AccessControlList at " + path);
> 	}
> 
> Regards, Robert
> 



Mime
View raw message