jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: Creating users
Date Wed, 21 Sep 2011 07:50:31 GMT
hi francisco

it seems to me that the principal resolution doesn't work
properly. that's why you get an access control exception
upon editing ACLs and cannot login to the repo.

i assume that you are using a default repository setup
without specifying custom principal providers. is that

> The object um is a UserManagerImpl object obtained through an admin session:
> new UserManagerImpl((SessionImpl) session, "admin")

that's probably the culprit.

you should use

if (session instanceof JackrabbitSession) {
    UserManager umgr = ((JackrabbitSession) session).getUserManager();

instead of manually creating the user manager instance and
relying on a specific implementation.

the explanation was as simple as that:
unless specified otherwise the DefaultSecurityManager builds a
security setup that stores users in a separate workspace. all
the depending modules (login, ac evaluation etc) then rely on
that setup... however, if you create the user manager instance
manually you simply store the users in the workspace of the
editing session -> the user nodes exist but the principal
provider (and the user-manager you would obtain from the
session) look for them in a different place/workspace.

if you wish to keep the users separate for each workspace instead
of keeping them in a dedicated workspace you can use the alternative
implementation (-> UserPerWorkspaceSecurityManager).
but still you should refrain from creating the user manager instance
manually and use the API instead.

hope that helps

View raw message