jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francisco Carriedo Scher <fcarrie...@gmail.com>
Subject ACLs, ACEs, Privileges...
Date Thu, 08 Sep 2011 13:47:04 GMT
Hi there,

i am trying to assign the right permissions for the users to operate with
nodes (folders, files...). First of all i checked
http://wiki.apache.org/jackrabbit/AccessControl but the sample for Resource
Based ACLs is a TODO. Then i checked the API to see if it is explicit enough
to do my way with it, but it is not at least for me.

The point i am now at is the following: i can create users (and authenticate
them) and nodes (folders, files...) and i want to set permissions to allow /
disallow actions coming from the subjects over the nodes. Conceptually i
understand what i want to do (set up resource-based ACLs on the root node
that disallows access for every user except the administrator and another
one in each directory which allows access just for its onwer). I think that
the problem is that i am missing something when trying to work with the Java
code. The following piece is the way i access the privileges that the user
(representated by the session i guess) on a node (represented by the path):

        AccessControlManager acm = session.getAccessControlManager();
        *// MyOwnACLTemplate extends AbstractACLTemplate*
        AccessControlPolicy policy = new *MyOwnACLTemplate*(usersPath,
        *// AccessControlPolicy -- Implemented by --> AbstractACLTemplate*
        acm.setPolicy(usersPath, policy);

And in the last line, when trying to set the policy, i reach the following
code inside Jackrabbit:

    public void setPolicy(String absPath, AccessControlPolicy policy) throws




        checkPermission(absPath, Permission.MODIFY_AC);
                    // This exception is always thrown
       * throw new AccessControlException("AccessControlPolicy " + policy +
" cannot be applied.");*


As far as i understand and seeing the code (inside Jackrabbit), a policy
will never be assigned, isn't it? Should i write my own code to manage the
ACLs, Policies (set of ACEs, isn't it?) and so on?

BTW, am i in the right path to achieve what i described as my target? Or
results that managing ACLs in Jackrabbit is completely different to the path
i am following now?

Thanks in advance for your attention!

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message