jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lyn Goltz <go...@lat-lon.de>
Subject access control of properties
Date Fri, 12 Aug 2011 15:27:41 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi List,

I'm a newbie on jackrabbit and have some problems regarding the access control
(principal based) of properties.
My repository contains a node "/jrc" and there is one user who should have read
access but should not be allowed to write or modify properties. So, I've set the
privileges as follows:

Privilege[] privileges = { acMgr.privilegeFromName( Privilege.JCR_READ ) };
Map<String, Value> restrictions = new HashMap<String, Value>();
ValueFactory vf = adminsSession.getValueFactory();
restrictions.put( "rep:nodePath", vf.createValue( "/jrc", PropertyType.PATH ) );
// restrictions.put( "rep:glob", vf.createValue( "/*" ) );
list.addEntry( principal, privileges, true, restrictions );

// add read entry
Privilege[] denyPrivileges = { acMgr.privilegeFromName( Privilege.JCR_WRITE ),
                   acMgr.privilegeFromName( Privilege.JCR_MODIFY_PROPERTIES ) };
restrictions = new HashMap<String, Value>();
restrictions.put( "rep:nodePath", vf.createValue( "/jrc", PropertyType.PATH ) );
// restrictions.put( "rep:glob", vf.createValue( "/*" ) );
list.addEntry( principal, denyPrivileges, false, restrictions );

When I try to add a node, logged in as the restricted user, I get an
AccessDeniedException as I expected.

Session usersSession = rep.login( new SimpleCredentials( userId,
userId.toCharArray() ) );
Node rootNode = usersSession.getRootNode();
rootNode.addNode( "jrc:service", "jrc:Service" );
serviceNode.setProperty( "jrc:url", "newValue" );

But when I try to change the value of a property which is added by an admin user
this works without exception.

Node rootNode = usersSession.getRootNode();
Node serviceNode = rootNode.getNode( "jrc/jrc:service" );
serviceNode.setProperty( "jrc:url", "newValue" );

Does anyone have an idea?

Best regards,
Lyn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5FRm0ACgkQ/QSXMw31ZSufXgCfd4Z1gAcF6/ugIs+9kfdYeEM9
/qMAn2FPmNiks3HR3LRzQqlYrtev8VKT
=NAx8
-----END PGP SIGNATURE-----

Mime
View raw message