jackrabbit-users mailing list archives

From "amar.deka@gmail.com" <amar.d...@gmail.com>
Subject Trouble enforcing read-write ACL to Jackrabbit users on versionable nodes
Date Tue, 22 Nov 2011 19:00:06 GMT
(This question was cross-posted to StackOverflow.com:
http://stackoverflow.com/questions/8174226/trouble-enforcing-read-write-acl-to-jackrabbit-users-on-versionable-nodes
However, I have not received any answer.)
We are using Jackrabbit 2.2.7 to develop a repository for XML documents.

We want to create a bunch of users for the repository and enforce some sort
of read-only and read-write access privileges on them. We have used the
resource-based ACL as described here:
http://wiki.apache.org/jackrabbit/AccessControl#Resource-based_ACLs
Read-only permission works like a charm. However, we are having a hard time
getting read-write to work when a user attempts to create/delete a node that
is versionable (mix:versionable), even though we grant him the highest
possible privilege, Privilege.JCR_ALL. So far we have realized that the
modification of a versioned node is actually not simple. In Jackrabbit, it
spans multiple nodes; /jcr:system/jcr:versionStorage is one of them.
It seems that unless the user is the admin user himself, he cannot make
modifications to /jcr:system/ and its child nodes.

So my questions are:

a) Is there a way I can enable normal users to modify versionable nodes?
b) Is there a way to create multiple admin users in Jackrabbit (pointers,
wiki, code snippet)?

Here is the security section from the repository.xml:


<Security appName="Jackrabbit">
    <SecurityManager
        class="org.apache.jackrabbit.core.DefaultSecurityManager"
        workspaceName="security">
    </SecurityManager>

    <AccessManager
        class="org.apache.jackrabbit.core.security.DefaultAccessManager">
    </AccessManager>

    <LoginModule
        class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
    </LoginModule>
</Security>

Here is how we are creating users and enabling access control:

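// Imports this fragment relies on:
import javax.jcr.Node;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;

{
        ...
        // The session used here must be allowed to manage users and ACLs.
        JackrabbitSession js = (JackrabbitSession) session;
        UserManager um = js.getUserManager();

        // Reuse the "usergroup" group if it exists, otherwise create it.
        Authorizable grp = um.getAuthorizable("usergroup");
        Group userGroup = null;
        if (grp == null) {
            userGroup = um.createGroup("usergroup");
        } else {
            userGroup = (Group) grp;
        }

        // Create the new user and add it to the group.
        User user = um.createUser(newUserName, newUserPass);
        userGroup.addMember(user);

        Node node = session.getNode("/root");

        // getList(...) is a helper that is not shown in this message.
        AccessControlManager acm = session.getAccessControlManager();
        AccessControlList acl = getList(acm, node.getPath());

        // Map the requested access level ("r" or "rw") to JCR privileges.
        Privilege[] privileges = null;
        if (privilege.equals("r")) {
            privileges = new Privilege[] {
                acm.privilegeFromName(Privilege.JCR_READ),
                acm.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)
            };
        } else if (privilege.equals("rw")) {
            privileges = new Privilege[] {
                acm.privilegeFromName(Privilege.JCR_ALL)
            };
        } else {
            // Unknown access level: leave the ACL untouched.
            return;
        }

        // The entry is bound to the user's principal on /root only.
        acl.addAccessControlEntry(new PrincipalImpl(user.getID()), privileges);
        acm.setPolicy(node.getPath(), acl);

        session.save();
}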




--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Trouble-enforcing-read-write-ACL-to-Jackrabbit-users-on-versionable-nodes-tp4096902p4096902.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
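
An added example, not part of the original message or of the Jackrabbit project's code: a diagnostic that logs in as the newly created user and reports that user's effective privileges on /root and on /jcr:system/jcr:versionStorage, the two locations the message names. The class name, the Repository handle passed in and the choice of privileges to check are assumptions; only the standard JCR 2.0 AccessControlManager API is used.

```java
import javax.jcr.PathNotFoundException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;

// Hypothetical helper class (name is an assumption, not from the message).
public class EffectivePrivilegeCheck {

    // The ACL target from the message and the version storage it mentions.
    static final String[] PATHS = { "/root", "/jcr:system/jcr:versionStorage" };

    // Checked one by one so that a partial grant is visible (assumed selection).
    static final String[] NAMES = {
        Privilege.JCR_READ,
        Privilege.JCR_ADD_CHILD_NODES,
        Privilege.JCR_REMOVE_CHILD_NODES,
        Privilege.JCR_MODIFY_PROPERTIES,
        Privilege.JCR_VERSION_MANAGEMENT,
        Privilege.JCR_ALL
    };

    /** Logs in as the given user and prints what that session may do on each path. */
    public static void report(Repository repo, String userId, char[] password)
            throws RepositoryException {
        Session s = repo.login(new SimpleCredentials(userId, password));
        try {
            AccessControlManager acm = s.getAccessControlManager();
            for (String path : PATHS) {
                try {
                    for (String name : NAMES) {
                        Privilege[] p = { acm.privilegeFromName(name) };
                        System.out.printf("%-32s %-28s %s%n", path, name,
                                acm.hasPrivileges(path, p) ? "granted" : "DENIED");
                    }
                } catch (PathNotFoundException e) {
                    // Raised when the node is missing or this session cannot read it.
                    System.out.printf("%-32s not visible to %s%n", path, userId);
                }
            }
        } finally {
            s.logout();
        }
    }
}
```

Running it once for a read-only user and once for a read-write user shows whether the entry set on /root is evaluated at all under /jcr:system, which is where the message locates the failure.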
