jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kanchan Mourya <Kanchan.Mou...@symphonysv.com>
Subject RE: remove read-access for everyone from a principal ACL based workspace
Date Tue, 08 May 2012 07:36:05 GMT
 I am new to jackrabbit. I am creating a content repository. I want to give users specific
access for nodes. Eg I want to assign read access to user john for node /adminuser/resources

Following is the code I m using

try{

                        Repository repository = createJCRRepository.createRepository();
                        Session session = repository.login(new SimpleCredentials("admin","".toCharArray()));
                        System.out.println("connected to Repository successfully at D:/jcrconfigfile/repo....");

                        Node n1 = session.getNode("/adminuser/resources");

                        // usual entry point into the Jackrabbit API
                        JackrabbitSession js = (JackrabbitSession) session;

                        PrincipalManager pMgr = js.getPrincipalManager();
                        Principal principal = pMgr.getPrincipal(session.getUserID());

                        User user = ((User) js.getUserManager().getAuthorizable("john"));
                        principal = user.getPrincipal();

                        System.out.println("principal is ======="+principal);
                        JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager)
session.getAccessControlManager();

                         AccessControlPolicyIterator it =  acMgr.getApplicablePolicies(n1.getPath());
                         if (it.hasNext()) {

                                 System.out.println(" coming here to set policy");
                                 AccessControlPolicy policy = it.nextAccessControlPolicy();
                                 if (policy instanceof AccessControlList) {
                                         Privilege[] privileges = new Privilege[1];
                                         privileges[0] = acMgr.privilegeFromName(Privilege.JCR_READ);
                                         ((AccessControlList)policy).addAccessControlEntry(user.getPrincipal(),
                                                         privileges);
                                         acMgr.setPolicy(n1.getPath(), policy);
                                 }
                         }

                         System.out.println(" access provided");
                        session.save();
                        session.logout();

                }catch(Exception ex){
                        ex.printStackTrace();

                }



Problem is the above code should give only read access to user john for specified node. But
when I m logging in as user john he is able to perform add, delete all operations on /adminuser/resources
node. John is able to add new node report under /adminuser/resources and also able to delete
it. Which I don't want I want to give only read access.

Can anybody pointout where I m making mistake?

Thanks
kanchan

NOTICE TO RECIPIENT: THIS E-MAIL (INCLUDING ANY ATTACHMENTS) IS MEANT FOR ONLY THE INTENDED
RECIPIENT OF THE TRANSMISSION, MAY CONTAIN CONFIDENTIAL INFORMATION, AND IS PROTECTED BY LAW.
IF YOU RECEIVED THIS E-MAIL IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER OF THE ERROR BY
RETURN E-MAIL, DELETE THIS COMMUNICATION AND SHRED ANY ATTACHMENTS. UNAUTHORIZED REVIEW, USE,
DISSEMINATION, DISTRIBUTION, COPYING OR TAKING OF ANY ACTION BASED ON THIS COMMUNICATION IS
STRICTLY PROHIBITED.

Mime
View raw message