Date: Fri, 12 Jul 2013 04:11:15 -0700 (PDT)
From: a_totade
To: users@jackrabbit.apache.org
Subject: Jack Rabbit ACL not working as expected

Hi All,

I am working on Jackrabbit to manage content and am looking into ACLs for permissions. I have created two nodes, userBalaji and userShahid. I have given all privileges on the userBalaji node to balaji and on the userShahid node to shahid. shahid does not have access to the userBalaji node.

When I retrieve the userBalaji node using shahid's session, I was expecting no result or an "access deny" error, but I was successfully able to retrieve the userBalaji node. Is my assumption wrong? What is the expected behavior?
Can Jackrabbit hide data for which a user does not have permission? As per my understanding, there is no access deny permission. I have also attached a code snippet for a better understanding of my code.

---Method adding user permissions to node

// Imports used by both methods; userLogin(String) is a helper that is not shown.
import java.util.NoSuchElementException;
import javax.jcr.Node;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.SessionImpl;

public static void userPermissionsResourceBased() {
    try {
        Session session = userLogin("admin");
        SessionImpl si = (SessionImpl) session;
        si.getUserManager();
        // Target node is a direct child of the root: /userBalaji
        Node node = session.getRootNode().getNode("userBalaji");
        //Node node = session.getRootNode().getNode("userShahid");
        String path = node.getPath();
        UserManager userManager = si.getUserManager();
        User user = ((User) userManager.getAuthorizable("balaji"));
        //User user = ((User) userManager.getAuthorizable("shahid"));
        User admin = ((User) userManager.getAuthorizable("admin"));
        AccessControlManager aMgr = session.getAccessControlManager();
        Privilege[] privileges = new Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};
        Privilege[] privilegesAdmin = new Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};
        // Use an applicable (not yet bound) policy if one exists, else the policy already set on the path
        AccessControlList acl;
        try {
            acl = (AccessControlList) aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
        } catch (NoSuchElementException e) {
            acl = (AccessControlList) aMgr.getPolicies(path)[0];
        }
        // Grant jcr:all on the path to the selected user
        acl.addAccessControlEntry(user.getPrincipal(), privileges);
        //acl.addAccessControlEntry(admin.getPrincipal(), privilegesAdmin);
        //Setting for all users for particular path
        //aMgr.removePolicy(path, acl);
        aMgr.setPolicy(path, acl);
        session.save();
        // Read the policy back and print its entries
        try {
            acl = (AccessControlList) aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
        } catch (NoSuchElementException e) {
            System.out.println("rrrrrr");
            acl = (AccessControlList) aMgr.getPolicies(path)[0];
            System.out.println("rrrrrr222");
        }
        AccessControlEntry[] accessControlEntries = acl.getAccessControlEntries();
        for (int i = 0; i < accessControlEntries.length; i++) {
            System.out.println(accessControlEntries[i].getPrincipal());
            System.out.println(accessControlEntries[i].getPrivileges()[0]);
        }
        session.logout();
    } catch (Exception e) {
        System.out.println("erroe in permissions===>" + e);
    }
}

----Method for reading node

public static void readNode() {
    try {
        Session userLogin = userLogin("shahid");
        System.out.println("Login OK by " + userLogin.getUserID() + " user");
        // Get /SStorm, creating it if it cannot be retrieved
        Node n = null;
        try {
            n = userLogin.getRootNode().getNode("SStorm");
        } catch (Exception e) {
            n = userLogin.getRootNode().addNode("SStorm");
        }
        // Reads userBalaji as a child of /SStorm
        Node c = n.getNode("userBalaji");
        System.out.println("node path............................OK"+c.getPath());
        userLogin.logout();
    } catch (Exception e) {
        System.out.println("error==>" + e);
    }
}

Regards,
Ashish