jackrabbit-users mailing list archives

From Tobias Bocanegra <tri...@adobe.com>
Subject Re: Setting permissions
Date Mon, 19 Sep 2011 20:04:08 GMT
hi,
i'm not sure what's wrong, but i would try to avoid the *impl classes.
instead do:

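// session is the javax.jcr.Session; getUserManager() is an instance method of JackrabbitSession
UserManager um = ((JackrabbitSession) session).getUserManager();
Authorizable u = um.getAuthorizable(userid);
Principal p = u.getPrincipal();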

regards, toby

On Sun, Sep 18, 2011 at 10:20 PM, Francisco Carriedo Scher
<fcarriedos@gmail.com> wrote:
> Thank you very much Toby,
>
> the problem was related to another issue. It turns out that i needed to use
> DefaultLoginModule, DefaultAccessManager and DefaultSecurityManager and the
> default repository.xml file created in the standalone declares
> SimpleAccessManager, Simple... And it just doesn't work. Now assigning ACLs
> works ok for the EveryonePrincipal, but not for any other user. I guess that
> i am not correctly creating users like this:
>
>     public boolean createUser(String name, String pass)
>             throws AuthorizableExistsException, RepositoryException {
>
>         User u;
>         PrincipalImpl p = new PrincipalImpl(name);
>         String usersPath = "/" + name;
>
>         u = um.createUser(name, pass, p, null);
>         u.setProperty("homeFolder", session.getValueFactory().createValue(usersPath));
>         // "HOME" folder for the brand new user
>         createUsersFolder(name, session);
>
>         session.save();
>         return true;
>
>     }
>
> After executing this code, i try to log in with the new user and i get an
> exception: javax.jcr.LoginException: LoginModule ignored Credentials
>
> In addition, i can not set ACEs on a folder for any user when creating a
> folder:
>
>     private void setAcl(Principal p, String path)
>             throws UnsupportedRepositoryOperationException, RepositoryException {
>
>         AccessControlManager aMgr = session.getAccessControlManager();
>
>         // create a privilege set with jcr:all
>         Privilege [] privileges = new Privilege[3];
>         privileges[0] = aMgr.privilegeFromName(Privilege.JCR_READ);
>         privileges[1] = aMgr.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES);
>         privileges[2] = aMgr.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
>         AccessControlList acl;
>         try {
>             // get first applicable policy (for nodes w/o a policy)
>             acl = (AccessControlList) aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
>         } catch (NoSuchElementException e) {
>             // else node already has a policy, get that one
>             acl = (AccessControlList) aMgr.getPolicies(path)[0];
>         }
>         // remove all existing entries
>         for (AccessControlEntry e : acl.getAccessControlEntries()) {
>             acl.removeAccessControlEntry(e);
>         }
>         // add a new one for the special "everyone" principal
>         acl.addAccessControlEntry(p, privileges); // THIS LINE CAUSES THE EXCEP.
>
>         // the policy must be re-set
>         aMgr.setPolicy(path, acl);
>
>         // and the session must be saved for the changes to be applied
>         session.save();
>
>     }
>
> In the code above i get the Principal p instance like this:
>
> um.getPrincipal(new SimpleCredentials(username, username.toCharArray()))
>
> where username is the username and password of the user i want to assign the
> ACL to and the usermanager is instantiated with admin:admin credentials like
> this:
>
> UserManagerImpl um = new UserManagerImpl((SessionImpl) session, "admin");
>
> Summing up, i see it like this:
>
> - i start an admin session and get a user manager instance as admin.
> - i create users correctly
> - i create folders correctly and try to set ACLs to the users i create but
> it doesn't work (because it throws a
> javax.jcr.security.AccessControlException: Principal sol3 does not exist.
> exception).
>
> Is there something i am missing? Thanks in advance for your attention!
>
>
>
> 2011/9/17 Tobias Bocanegra <tripod@adobe.com>
>>
>> hi francisco,
>>
>> if you are using normal resource based ACLs you can manage them with
>> the provided interfaces.
>>
>> example to grant all rights to everyone:
>>
>> AccessControlManager aMgr = session.getAccessControlManager();
>> Privilege[] privileges = new Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};
>>
>> // find the ACL policy
>> JackrabbitAccessControlList acl;
>> try {
>>   acl = (JackrabbitAccessControlList) aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
>> } catch (NoSuchElementException e) {
>>   acl = (JackrabbitAccessControlList) aMgr.getPolicies(path)[0];
>> }
>>
>> // remove all existing ACEs
>> for (AccessControlEntry e : acl.getAccessControlEntries()) {
>>  acl.removeAccessControlEntry(e);
>> }
>> acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
>> aMgr.setPolicy(path, acl);
>> session.save();
>>
>> (the above code is a bit of a hack, as it catches the
>> NoSuchElementException from the iterator.next - but i hadn't a nicer
>> example ready)
>> the point here is, that 'getApplicablePolicies' will return an empty
>> iterator if there is already a policy defined on that path. usually
>> (in the default implementation) there is only 1 policy, the
>> JackrabbitAccessControlList. And either it's applicable, or already
>> defined. the rock solid approach would be to iterate over applicable
>> or getPolicies until you find a 'JackrabbitAccessControlList'.
>>
>> hope this helps.
>> regards, toby
>>
>> On Tue, Sep 13, 2011 at 12:04 AM, Francisco Carriedo Scher
>> <fcarriedos@gmail.com> wrote:
>> > Ok, guessing that i need to extend AbstractAccessManager with my own
>> > class
>> > and override setPolicyMethod, which is exactly the best way to bind a
>> > Policy
>> > object to a Node object? Is it up to the designer?
>> >
>> > Thanks for your attention, greetings!
>> >
>
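
An added example, not code from this thread or from the Jackrabbit project: it combines the two suggestions above, resolving the principal through the UserManager/Authorizable interfaces and iterating over the applicable and existing policies until a JackrabbitAccessControlList is found. The class name AclGrant and its method names are hypothetical, and the code assumes an admin session on a repository configured with the Default* security classes.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.*;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;

// Hypothetical helper (AclGrant and its method names are not part of Jackrabbit).
public final class AclGrant {
    // Assumes an admin session on a repository using the Default* security classes.
    public static void allow(Session session, String userId, String path, String... names)
            throws RepositoryException {
        // Resolve the principal through the API interfaces, not new PrincipalImpl(...).
        Authorizable user = ((JackrabbitSession) session).getUserManager().getAuthorizable(userId);
        if (user == null) {
            // Fail closed: never fall back to a broader principal such as "everyone".
            throw new AccessControlException("No such user: " + userId);
        }
        Principal principal = user.getPrincipal();
        AccessControlManager acm = session.getAccessControlManager();
        Privilege[] privileges = new Privilege[names.length];
        for (int i = 0; i < names.length; i++) {
            privileges[i] = acm.privilegeFromName(names[i]);
        }
        JackrabbitAccessControlList acl = findAcl(acm, path);
        acl.addEntry(principal, privileges, true); // true = allow entry
        acm.setPolicy(path, acl);                  // the policy must be re-set
        session.save();                            // applied only on save
    }

    // Searches applicable policies first, then the ones already set on the path.
    private static JackrabbitAccessControlList findAcl(AccessControlManager acm, String path)
            throws RepositoryException {
        AccessControlPolicyIterator it = acm.getApplicablePolicies(path);
        while (it.hasNext()) {
            AccessControlPolicy policy = it.nextAccessControlPolicy();
            if (policy instanceof JackrabbitAccessControlList) {
                return (JackrabbitAccessControlList) policy;
            }
        }
        for (AccessControlPolicy policy : acm.getPolicies(path)) {
            if (policy instanceof JackrabbitAccessControlList) {
                return (JackrabbitAccessControlList) policy;
            }
        }
        throw new AccessControlException("No JackrabbitAccessControlList at " + path);
    }
}
```

Unlike the snippets in the thread, this helper leaves existing entries in place and only adds the requested allow entry, so a call such as AclGrant.allow(session, userId, path, Privilege.JCR_READ) grants nothing beyond the privileges named.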