jackrabbit-users mailing list archives

From Angela Schreiber <anch...@adobe.com>
Subject Re: how to provide read-access to a user using a principal based ACL
Date Tue, 08 May 2012 12:54:15 GMT
well... somehow the subject doesn't match the example code below.
if you are really using 'principal based' access control you
should use the jackrabbit variants of the policy methods that
take a principal as an argument:
JackrabbitAccessControlManager#getApplicablePolicies(Principal)

a second note: i don't see why you first use principal manager and
subsequently the user manager... the second is superfluous IMO.

kind regards
angela

On 5/8/12 11:54 AM, Kanchan Mourya wrote:
> Hi,
>
> I am new to jackrabbit. I am creating a content repository. I want to give users specific access for nodes. E.g. I want to assign read access to user john for node /adminuser/resources
>
> Following is the code I'm using
>
> try{
>
>                          Repository repository = createJCRRepository.createRepository();
>                          Session session = repository.login(new SimpleCredentials("admin","".toCharArray()));
>                          System.out.println("connected to Repository successfully at D:/jcrconfigfile/repo....");
>
>                          Node n1 = session.getNode("/adminuser/resources");
>
>                          // usual entry point into the Jackrabbit API
>                          JackrabbitSession js = (JackrabbitSession) session;
>
>                          PrincipalManager pMgr = js.getPrincipalManager();
>                          Principal principal = pMgr.getPrincipal(session.getUserID());
>
>                          User user = ((User) js.getUserManager().getAuthorizable("john"));
>                          principal = user.getPrincipal();
>
>                          System.out.println("principal is ======="+principal);
>                          JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) session.getAccessControlManager();
>
>                           AccessControlPolicyIterator it =  acMgr.getApplicablePolicies(n1.getPath());
>                           if (it.hasNext()) {
>
>                                   System.out.println(" coming here to set policy");
>                                   AccessControlPolicy policy = it.nextAccessControlPolicy();
>                                   if (policy instanceof AccessControlList) {
>                                           Privilege[] privileges = new Privilege[1];
>                                           privileges[0] = acMgr.privilegeFromName(Privilege.JCR_READ);
>                                           ((AccessControlList)policy).addAccessControlEntry(user.getPrincipal(),
>                                                           privileges);
>                                           acMgr.setPolicy(n1.getPath(), policy);
>                                   }
>                           }
>
>                           System.out.println(" access provided");
>                          session.save();
>                          session.logout();
>
>                  }catch(Exception ex){
>                          ex.printStackTrace();
>
>                  }
>
>
>
> Problem is that the above code should give only read access to user john for the specified node. But when I'm logging in as user john he is able to perform add, delete, all operations on the /adminuser/resources node. John is able to add a new node report under /adminuser/resources and is also able to delete it, which I don't want; I want to give only read access.
>
> Can anybody point out where I'm making a mistake?
>
> Thanks
> kanchan
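
One way to apply the suggestion in the reply above, as an added example that is not part of the original thread or of the Jackrabbit code base. The class and method names are hypothetical, and it assumes a Jackrabbit 2.x workspace whose access control provider supports principal-based policies and identifies the target node through a `rep:nodePath` restriction. It grants `jcr:read` through the principal's own ACL and then reports whether `jcr:write` is still effective for the user and its groups.

```java
import java.security.Principal;
import java.util.*;
import javax.jcr.*;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.*;
import org.apache.jackrabbit.api.security.principal.*;

public final class PrincipalBasedReadGrant {
    /** Grants jcr:read on nodePath via the principal's ACL; returns true if jcr:write is still effective. */
    public static boolean grantReadAndCheckWrite(Session admin, String principalName, String nodePath)
            throws RepositoryException {
        PrincipalManager pMgr = ((JackrabbitSession) admin).getPrincipalManager();
        Principal principal = pMgr.getPrincipal(principalName);
        if (principal == null) throw new RepositoryException("unknown principal " + principalName);
        JackrabbitAccessControlManager acMgr =
                (JackrabbitAccessControlManager) admin.getAccessControlManager();

        // Reuse the ACL already bound to the principal, otherwise take an applicable (new) one.
        JackrabbitAccessControlPolicy[] policies = acMgr.getPolicies(principal);
        if (policies.length == 0) {
            policies = acMgr.getApplicablePolicies(principal);
        }
        for (JackrabbitAccessControlPolicy policy : policies) {
            if (policy instanceof JackrabbitAccessControlList) {
                JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
                // Assumption: principal-based entries name their target node via rep:nodePath.
                Value path = admin.getValueFactory().createValue(nodePath, PropertyType.PATH);
                Map<String, Value> restrictions = Collections.singletonMap("rep:nodePath", path);
                Privilege[] read = { acMgr.privilegeFromName(Privilege.JCR_READ) };
                acl.addEntry(principal, read, true, restrictions);
                acMgr.setPolicy(acl.getPath(), acl);
                break;
            }
        }
        admin.save();

        // Effective-permission check for the user plus every group it belongs to.
        Set<Principal> principals = new HashSet<Principal>();
        principals.add(principal);
        for (PrincipalIterator it = pMgr.getGroupMembership(principal); it.hasNext();) {
            principals.add(it.nextPrincipal());
        }
        Privilege[] write = { acMgr.privilegeFromName(Privilege.JCR_WRITE) };
        return acMgr.hasPrivileges(nodePath, principals, write);
    }
}
```

A `true` return value means some other entry, for example one inherited from an ancestor node or granted to a group, still allows writes; adding a read entry does not revoke it.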