hi,
i'm not sure what's wrong, but i would try to avoid the *impl classes.
instead do:
UserManager um = JackrabbitSession.getUserManager();
Authorizable u = um.getAuthorizable(userid);
Principal p = u.getPrincipal();
regards, toby
On Sun, Sep 18, 2011 at 10:20 PM, Francisco Carriedo Scher
<fcarriedos@gmail.com> wrote:
> Thank you very much Toby,
>
> the problem was related with other issue. It results that i needed to use
> DefaultLoginModule, DefaultAccessManager and DefaultSecurityManager and the
> default repository.xml file created in the standalone declares
> SimpleAccessManager, Simple... And it just doesn't work. Now assigning ACLs
> works ok for the EveryonePrincipal, but not for any other user. I guess that
> i am not correctly creating users like this:
>
> public boolean createUser(String name, String pass) throws
> AuthorizableExistsException, RepositoryException{
>
> User u;
> PrincipalImpl p = new PrincipalImpl(name);
> String usersPath = "/" + name;
>
> u = um.createUser(name, pass, p, null);
> u.setProperty("homeFolder",
> session.getValueFactory().createValue(usersPath));
> // "HOME" folder for the brand new user
> createUsersFolder(name, session);
>
> session.save();
> return true;
>
> }
>
> After executing this code, i try to log in with the new user and i get a
> exception: javax.jcr.LoginException: LoginModule ignored Credentials
>
> In addition, i can not set ACEs on a folder for any user when creating a
> folder:
>
> private void setAcl(Principal p, String path) throws
> UnsupportedRepositoryOperationException, RepositoryException {
>
> AccessControlManager aMgr = session.getAccessControlManager();
>
> // create a privilege set with jcr:all
> Privilege [] privileges = new Privilege[3];
> privileges[0] = aMgr.privilegeFromName(Privilege.JCR_READ);
> privileges[1] =
> aMgr.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES);
> privileges[2] =
> aMgr.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
> AccessControlList acl;
> try {
> // get first applicable policy (for nodes w/o a policy)
> acl = (AccessControlList)
> aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
> } catch (NoSuchElementException e) {
> // else node already has a policy, get that one
> acl = (AccessControlList) aMgr.getPolicies(path)[0];
> }
> // remove all existing entries
> for (AccessControlEntry e : acl.getAccessControlEntries()) {
> acl.removeAccessControlEntry(e);
> }
> // add a new one for the special "everyone" principal
> _acl.addAccessControlEntry(p, privileges); // THIS LINE CAUSES THE
> EXCEP._
>
> // the policy must be re-set
> aMgr.setPolicy(path, acl);
>
> // and the session must be saved for the changes to be applied
> session.save();
>
> }
>
> On the code above i get the Principal p instance like this:
>
> um.getPrincipal(new SimpleCredentials(username, username.toCharArray()))
>
> where username is the username and password of the user i want to assign the
> ACL to and the usermanager is instantiated with admin:admin credentials like
> this:
>
> UserManagerImpl um = new UserManagerImpl((SessionImpl) session, "admin");
>
> Summing up, i see it like this:
>
> - i start an admin session and get a user manager instance as admin.
> - i create users correctly
> - i create folders correctly and try to set ACLs to the users i create but
> it doesn't work (because it throws a
> javax.jcr.security.AccessControlException: Principal sol3 does not exist.
> exception).
>
> Is there something i am missing? Thanks in advance for your attention!
>
>
>
> 2011/9/17 Tobias Bocanegra <tripod@adobe.com>
>>
>> hi francisco,
>>
>> if you are using normal resource based ACLs you can manage them with
>> the provided interfaces.
>>
>> example to grant all rights to everyone:
>>
>> AccessControlManager aMgr = session.getAccessControlManager();
>> Privilege[] privileges = new
>> Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};
>>
>> // find the ACL policy
>> JackrabbitAccessControlList acl;
>> try {
>> acl = (JackrabbitAccessControlList)
>> aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
>> } catch (NoSuchElementException e) {
>> acl = (JackrabbitAccessControlList) aMgr.getPolicies(path)[0];
>> }
>>
>> // remove all existing ACEs
>> for (AccessControlEntry e : acl.getAccessControlEntries()) {
>> acl.removeAccessControlEntry(e);
>> }
>> acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
>> aMgr.setPolicy(path, acl);
>> session.save();
>>
>> (the above code is a bit a hack, as it catches the
>> NoSuchElementException from the iterator.next - but i hadn't a nicer
>> example ready)
>> the point here is, that 'getApplicablePolicies' will return an empty
>> iterator if there is already a policy defined on that path. usually
>> (in the default implementation) there is only 1 policy, the
>> JackrabbitAccessControlList. And either it's applicable, or already
>> defined. the rock solid approach would be do iterate over applicable
>> or getPolicies until you find a 'JackrabbitAccessControlList'.
>>
>> hope this helps.
>> regards, toby
>>
>> On Tue, Sep 13, 2011 at 12:04 AM, Francisco Carriedo Scher
>> <fcarriedos@gmail.com> wrote:
>> > Ok, guessing that i need to extend AbstractAccessManager with my own
>> > class
>> > and override setPolicyMethod, which is exactly the best way to bind a
>> > Policy
>> > object to a Node object? Is it up to the designer?
>> >
>> > Thanks for your attention, greetings!
>> >
> |