jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Malzer Ferdinand OSP sIT <Ferdinand.Mal...@s-itsolutions.at>
Subject AW: AW: remove read-access for everyone from a principal ACL based workspace
Date Wed, 09 May 2012 12:02:03 GMT
I tried the following configuration in the corresponding workspace.xml:

            <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider">
                <param name="omit-default-permission" value="true"/>

but it is still possible for every user to read the information from the workspace.
in the workspace the following access-control for 'everyone' exists with the above configuration:

/rep:accesscontrol/everyone/jcr:primaryType = rep:PrincipalAccessControl
/rep:accesscontrol/everyone/rep:policy/jcr:primaryType = rep:ACL
/rep:accesscontrol/everyone/rep:policy/entry/rep:privileges = jcr:read
/rep:accesscontrol/everyone/rep:policy/entry/rep:nodePath = /
/rep:accesscontrol/everyone/rep:policy/entry/rep:principalName = everyone
/rep:accesscontrol/everyone/rep:policy/entry/jcr:primaryType = rep:GrantACE

perhabs principalbased.ACLProvider does not support the ' omit-default-permission' parameter?

best regards

-----Urspr√ľngliche Nachricht-----
Von: Angela Schreiber [mailto:anchela@adobe.com] 
Gesendet: Mittwoch, 09. Mai 2012 10:15
An: users@jackrabbit.apache.org
Betreff: Re: AW: remove read-access for everyone from a principal ACL based workspace


> I wonder how I could turn off read-access of for everyone by configurion of theworkspace's
> Neither could I find any hint in the repository-2.0-elements.dtd nor could I find any
information in the javadoc AccessControlProvider.
> Do you have some more infromation about configruation?

you have to adjust the configuration of your workspace:

<?xml version="1.0" encoding="UTF-8"?>
<Workspace name="...">
      <AccessControlProvider class="...">
          <!-- implementation specific parameters. such as e.g. -->
          <param name="omit-default-permission" value="true"/>

if you want to change the configuration for all workspace you
are going to create, you may in addition change the workspace
configuration template in the repository.xml

hope that helps

> best regards
> ferry malzer
> -----Urspr√ľngliche Nachricht-----
> Von: Angela Schreiber [mailto:anchela@adobe.com]
> Gesendet: Dienstag, 08. Mai 2012 08:37
> An: users@jackrabbit.apache.org
> Betreff: Re: remove read-access for everyone from a principal ACL based workspace
> hi
> first you can turn that read access for everyone off in the access
> control provider configuration of your workspace.
> second you can't remove protected nodes such as e.g. the access
> control content. in order to remove that access control list you
> have to remove the policy through the API.
> ->  JackrabbitAccessControlManager#removePolicy
> kind regards
> angela
> On 5/7/12 9:11 AM, Malzer Ferdinand OSP sIT wrote:
>> Hello,
>> We use a principal ACL based workspace, but we won't that every user has read access
to the workspace.
>> So we tried to remove node "/rep:accesscontrol/everyone" from the workspace.
>> Unfortunately we get the following exception:
>> javax.jcr.nodetype.ConstraintViolationException: Unable to perform operation. Node
is protected.
>> 	at org.apache.jackrabbit.core.ItemValidator.checkCondition(ItemValidator.java:276)
>> Does somebody know how to configure a principal ACL based workspace to avoid read-access
for everyone?
>> Thx in advance!
>> ferry malzer

View raw message