jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Malzer Ferdinand OSP sIT <Ferdinand.Mal...@s-itsolutions.at>
Subject problems using UserPerWorkspaceSecurityManager
Date Tue, 29 May 2012 09:50:18 GMT
hello,
I try to use the following security configuration:

repository config:

<SecurityManager class="org.apache.jackrabbit.core.UserPerWorkspaceSecurityManager">


workspace config:

        <WorkspaceSecurity>
            <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider">
                <param name="omit-default-permission" value="true"/>
            </AccessControlProvider>
        </WorkspaceSecurity>


I create a user 'ferry' in the workspace:

/rep:security/rep:authorizables/rep:users/f
/rep:security/rep:authorizables/rep:users/f/jcr:createdBy = admin
/rep:security/rep:authorizables/rep:users/f/jcr:created = 2012-05-29T11:34:37.828+02:00
/rep:security/rep:authorizables/rep:users/f/jcr:primaryType = rep:AuthorizableFolder
/rep:security/rep:authorizables/rep:users/f/fe
/rep:security/rep:authorizables/rep:users/f/fe/jcr:createdBy = admin
/rep:security/rep:authorizables/rep:users/f/fe/jcr:created = 2012-05-29T11:34:37.844+02:00
/rep:security/rep:authorizables/rep:users/f/fe/jcr:primaryType = rep:AuthorizableFolder
/rep:security/rep:authorizables/rep:users/f/fe/ferry
/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:password = {sha1}b8cb3e1eebfe4786-20836e1148db38251cca20bbf14d4d1c4a8ad183
/rep:security/rep:authorizables/rep:users/f/fe/ferry/jcr:uuid = 46171b07-7997-3166-bb30-cf5494eff2f8
/rep:security/rep:authorizables/rep:users/f/fe/ferry/jcr:createdBy = admin
/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:principalName = ferry
/rep:security/rep:authorizables/rep:users/f/fe/ferry/jcr:created = 2012-05-29T11:34:37.844+02:00
/rep:security/rep:authorizables/rep:users/f/fe/ferry/jcr:primaryType = rep:User

after that I add read/write access-rights for user ferry to the workspace:

/rep:accesscontrol
/rep:accesscontrol/jcr:primaryType = rep:AccessControl
/rep:accesscontrol/rep:security
/rep:accesscontrol/rep:security/jcr:primaryType = rep:AccessControl
/rep:accesscontrol/rep:security/rep:authorizables
/rep:accesscontrol/rep:security/rep:authorizables/jcr:primaryType = rep:AccessControl
/rep:accesscontrol/rep:security/rep:authorizables/rep:users
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/jcr:primaryType = rep:AccessControl
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/jcr:primaryType = rep:AccessControl
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/jcr:primaryType = rep:AccessControl
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/jcr:primaryType = rep:PrincipalAccessControl
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy/jcr:primaryType
= rep:ACL
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy/entry
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy/entry/rep:privileges
= jcr:write
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy/entry/rep:privileges
= jcr:read
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy/entry/rep:glob
= *
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy/entry/rep:nodePath
= /
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy/entry/rep:principalName
= ferry
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/f/fe/ferry/rep:policy/entry/jcr:primaryType
= rep:GrantACE


when I try to get the root node information of the workspace I get the following exception:

javax.jcr.AccessDeniedException: cannot read item cafebabe-cafe-babe-cafe-babecafebabe
        at org.apache.jackrabbit.core.ItemManager.createItemData(ItemManager.java:844)

Does someone have any idea what goes wrong?

best regards
ferry malzer




Mime
View raw message