jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francisco Carriedo Scher <fcarrie...@gmail.com>
Subject Re: Setting up Access Control
Date Wed, 14 Sep 2011 09:06:14 GMT
Yes, i am using jackrabbit-standalone-2.2.8.jar and as Maikhorma suggested i
started from scratch with a brand new Java project and the only include is
the Jackrabbit library. Then i try the code included in my last email and it
throws an exception:

    public Node createFolder(String username, String path, String
foldername){

        Node actualNode;
        try {
            // Absolute path REQUIRED
            actualNode = session.getNode(path);
            actualNode = actualNode.addNode(foldername, "nt:folder");
            // Node HAVE TO exist prior to ACL setting
            session.save();
                              // Username value is "admin" or any other
username
            *setAcl(new PrincipalImpl(username), actualNode.getPath());*


        } catch (PathNotFoundException e) {
            e.printStackTrace();
            return null;
        } catch (RepositoryException e) {
            e.printStackTrace();
            return null;
        }

        return actualNode;
    }

    private void *setAcl(Principal p, String path)* throws
UnsupportedRepositoryOperationException, RepositoryException {

        AccessControlManager aMgr = session.getAccessControlManager();

        // create a privilege set with jcr:all
        Privilege[] privileges = new Privilege[] {
aMgr.privilegeFromName(Privilege.JCR_ALL) };
        AccessControlList acl;
        try {
            // get first applicable policy (for nodes w/o a policy)
            acl = (AccessControlList)
aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
        } catch (NoSuchElementException e) {
            // else node already has a policy, get that one
            *acl = (AccessControlList) aMgr.getPolicies(path)[0];*
        }
        // remove all existing entries
        for (AccessControlEntry e : acl.getAccessControlEntries()) {
            acl.removeAccessControlEntry(e);
        }
        // add a new one for the special "everyone" principal
        acl.addAccessControlEntry(p, privileges);

        // the policy must be re-set
        aMgr.setPolicy(path, acl);

        // and the session must be saved for the changes to be applied
        session.save();

    }

Executing the code above i get  the following exception (caused by the code
above highlighted in red colour):
*
java.lang.ArrayIndexOutOfBoundsException: 0
    at
com.solaiemes.filerepository.management.FileManager.setAcl(FileManager.java:126)
    at
com.solaiemes.filerepository.management.FileManager.createFolder(FileManager.java:103)
    at com.solaiemes.filerepository.starting.Permisos.main(Permisos.java:70)
*


>From your last email i switched to use the DefaultAccessManager, specifying
it in the repository.xml:

    <Security appName="Jackrabbit">
        <!--
            security manager:
            class: FQN of class implementing the JackrabbitSecurityManager
interface
        -->
        <SecurityManager
class="org.apache.jackrabbit.core.security.simple.SimpleSecurityManager"
workspaceName="security">
            <!--
            workspace access:
            class: FQN of class implementing the WorkspaceAccessManager
interface
            -->
            <!-- <WorkspaceAccessManager class="..."/> -->
            <!-- <param name="config" value="${rep.home}/security.xml"/> -->
        </SecurityManager>

        <!--
            access manager:
            class: FQN of class implementing the AccessManager interface
        -->
        <!-- <AccessManager
class="org.apache.jackrabbit.core.security.simple.SimpleAccessManager"> -->
        <AccessManager class="*
org.apache.jackrabbit.core.security.DefaultAccessManager*">
            <!-- <param name="config" value="${rep.home}/access.xml"/> -->
        </AccessManager>

        <LoginModule
class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule">
           <!--
              anonymous user name ('anonymous' is the default value)
            -->
           <param name="anonymousId" value="anonymous"/>
           <!--
              administrator user id (default value if param is missing is
'admin')
            -->
           <param name="adminId" value="admin"/>
        </LoginModule>
    </Security>

But then, when trying to execute the same code stated above (which just
creates a folder and tries to assign an ACL to the path of the folder) it
throws the following exception (i input the / folder):

*javax.jcr.PathNotFoundException: /*

Thanks for helping!



2011/9/14 Alexander Klimetschek <aklimets@adobe.com>

> On 13.09.11 23:41, "Francisco Carriedo Scher" <fcarriedos@gmail.com>
> wrote:
>
> SimpleAccessManager
>
>
> This is the "old" access manager from 1.x times that supports only a very
> simple authorization between "admin", normal users and anonymous.
>
> For the JCR 2.0 ACLs you want to use the DefaultAccessManager.
>
> On the other hand, if i use the DefaultAccessManager instead, i am not able
> even to log in the repository and every action i try to perform throws an
> exception (AccessDenied, PathNotFound,...).
>
>
> Are you using a standard Jackrabbit 2.x installation? There is a bit more
> than the AccessManager in the repository.xml, but the default setup should
> be right (no need to do anything).
>
> The default admin user is admin/admin, and with this one you can create
> users, etc. and set acls.
>
> Regards,
> Alex
>
> --
> Alexander Klimetschek
> Developer // Adobe (Day) // Berlin - Basel
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message