jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: On the topic of JackRabbit group management.
Date Fri, 12 Aug 2011 12:34:14 GMT
hi guillaume

> I am currently looking at leveraging the features of the JackRabbit
> UserManager to be able to manage users, groups and give users
> administrator privileges for my application.
> First of all, is there an easy way to be able to list all users and
> all groups that have been created on the system?

yes.
if i remember correctly you can use a 'null' simple filter for a
common property such as rep:principalName to obtain a result
containing all authorizables for the specified search-type.

but as a general rule i would rather suggest to use a specific
query... if you have a huge amount of users and/or groups listing
all of them is probably not very useful.

> All the findAuthorizable methods on the UserManager are search
> oriented, so all I can think of is writing a wildcard search query for
> groups or users whose name is like *. Am I on the right track?

yes. see above.

> Also, it seems the Jackrabbit does not pre-create the administrators
> group by default.

that's correct. we initially had that and decided to get rid for
various reasons specifically as jackrabbit itself didn't had
any need for it and we decided that it was rather the responsibility
of an application on top of jackrabbit to define such a group.
in addition there is usually the need for various different
groups with some sort of administrative roles depending on the
type and complexity of the application... in order words: limit
the set of authorizables to built-in and avoid creating example
user/group(s).

> Please see the following test snippet written in
> Scala with ScalaTest. The test fails when trying to get the
> authorizable corresponding to the ADMINSTRATORS_NAME group.

yep. that's a leftover. the constant should have been marked
deprecated.

> I guess I can just create that group and add a user to it, but is that
> sufficient then to give that user all administrators privileges (i.e.
> the right to create other users and groups, etc...). If not, what else
> would I need to do?

if you need an 'administrators' group, the best solution was
to create it using UserManager#createGroup, then make sure
the corresponding principal is granted sufficient permissions
(according to your needs) and then add the required users to the
administrators group.

>        "The super user (i.e admin) should be able to create a user and
> her to the administrators group" in {
>      	  inSession(repository,superuser,password){session =>
>      	val um = session.getUserManager
>      	    um.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME) match{
>      	      case null =>  fail("The authorizable for the administrators
> group does not exist.")
>      	      case g : Group =>
>      	val newadmin = "newadmin"
>      	        g.addMember(um.createUser(newadmin,newadmin))

if you want to have a group, that can have members, you have to
call UserManager.createGroup

>      	      case _ =>  fail("The administrators authorizable is not a group")
>      	    }
>      	  }
>        }

regards
angela

Mime
View raw message