jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a_totade <a_tot...@rediffmail.com>
Subject Jack Rabbit ACL not working as expected
Date Fri, 12 Jul 2013 11:11:15 GMT
Hi All,

I am working on jackrabbit to manage content and looking into the ACL for
permission.

I have created two nodes userBalaji and userShahid.  I have given all
privileges of userBalaji node to balaji and userShahid node to shahid. 
shahid does not have access to userBalaji  node.  When I retrieve userBalaji
node   using shahid's session I was expecting no result or "access deny"
error but I was successfully able to retrieve useBalaji Node.

Is my assumption wrong. What is the expected behavior?  Can jacrabbit hide
data for which user does not have permission? As for my understanding there
is no access deny permission.

I have also attached code snippet for better understanding about my code.

---Method adding user permissions to node

 public static void userPermissionsResourceBased() {
        try {
            Session session = userLogin("admin");
            SessionImpl si = (SessionImpl) session;
            si.getUserManager();
            Node node = session.getRootNode().getNode("userBalaji");
            //Node node = session.getRootNode().getNode("userShahid");

            String path = node.getPath();


            UserManager userManager = si.getUserManager();
            User user = ((User) userManager.getAuthorizable("balaji"));
          //User user = ((User) userManager.getAuthorizable("shahid"));
            User admin = ((User) userManager.getAuthorizable("admin"));
            AccessControlManager aMgr = session.getAccessControlManager();

            Privilege[] privileges = new
Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};
            Privilege[] privilegesAdmin = new
Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};

            AccessControlList acl;
            try {
                acl = (AccessControlList)
aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
            } catch (NoSuchElementException e) {


                acl = (AccessControlList) aMgr.getPolicies(path)[0];

            }


            acl.addAccessControlEntry(user.getPrincipal(), privileges);
            //acl.addAccessControlEntry(admin.getPrincipal(),
privilegesAdmin);

            //Setting for all users for perticular path
            //aMgr.removePolicy(path, acl);
            aMgr.setPolicy(path, acl);
            session.save();
            try {
                acl = (AccessControlList)
aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
            } catch (NoSuchElementException e) {
                System.out.println("rrrrrr");

                acl = (AccessControlList) aMgr.getPolicies(path)[0];
                System.out.println("rrrrrr222");
            }
            AccessControlEntry[] accessControlEntries =
acl.getAccessControlEntries();
            for (int i = 0; i < accessControlEntries.length; i++) {
                System.out.println(accessControlEntries[i].getPrincipal());
               
System.out.println(accessControlEntries[i].getPrivileges()[0]);
            }
            session.logout();
        } catch (Exception e) {
            System.out.println("erroe in permissions===>" + e);
        }
    }

----Method for reading node


    public static void readNode() {
        try {

            Session userLogin = userLogin("shahid");
            System.out.println("Login OK by " + userLogin.getUserID() + "
user");
            Node n = null;
            try {
                n = userLogin.getRootNode().getNode("SStorm");
            } catch (Exception e) {
                n = userLogin.getRootNode().addNode("SStorm");
            }

            Node c = n.getNode("userBalaji");
         

           
            System.out.println("node
path............................OK"+c.getPath());
           
            userLogin.logout();
        } catch (Exception e) {
            System.out.println("error==>" + e);
        }
    }

  

Regards,
Ashish



--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Jack-Rabbit-ACL-not-working-as-expected-tp4659041.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Mime
View raw message