jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clay Ferguson <wcl...@gmail.com>
Subject Re: Problem adding Principal-based ACLs
Date Thu, 13 Aug 2015 13:48:31 GMT
Karsten,

I have a web app that I "think" is doing it reasonably correct (ACLs), or
at least appears to work. You can find the working code here:
https://github.com/Clay-Ferguson/meta64
Just download the zip and search for the keywords "acl", "privilege",
"principle". Also see AclService.java and AccessControlUtil.java.

Best regards,
Clay Ferguson
wclayf@gmail.com


On Thu, Aug 13, 2015 at 5:21 AM, Karsten Priegnitz <koem@petoria.de> wrote:

> Hallo group,
>
> I'm trying to add Principal-based ACLs as described here:
> http://wiki.apache.org/jackrabbit/AccessControl. But using that code I
> get an ArrayIndexOutOfBoundsException.
>
> I have the jackrabbit-webapp-2.10.1 running from sources in Eclipse.
> Works. Next I wrote a servlet that does init stuff: add 2 users adam & eve
> and grant them ACL_ALL (all privileges) on the root node.
>
> Code:
>
> public class MyInitServlet extends HttpServlet {
>
>     @Override
>     protected void doGet(HttpServletRequest req, HttpServletResponse resp)
> throws ServletException,
>             IOException {
>
>         super.doGet(req, resp);
>
>         try {
>             // get the repo from context
>
>             ServletContext context = this.getServletContext();
>             Repository repo = (Repository)
> context.getAttribute(Repository.class.getName());
>
>             // login as admin
>
>             JackrabbitSession session = (JackrabbitSession)
> Helper.login(repo,
>                     Helper.ADMIN_CREDENTIALS);
>
>             UserManager um = session.getUserManager();
>             for (String username : new String[] { "adam", "eve"}) {
>
>                 // create the user
>
>                 Authorizable authorizable = um.getAuthorizable(username);
>                 if (authorizable == null) {
>                     um.createUser(username, username);
>                     session.save();
>                 }
>
>                 User user = (User) um.getAuthorizable(username);
>                 addPrivileges(session, user, Privilege.JCR_ALL);
>
>                 session.save();
>
>                 LOG.info(" created user '{}'", username);
>             }
>
>             ...
>
>         } catch (Exception e) {
>             e.printStackTrace();
>         }
>
>     }
>
>     public static void addPrivileges(JackrabbitSession session, User user,
> String... privileges)
>             throws AccessDeniedException, AccessControlException,
>             UnsupportedRepositoryOperationException, RepositoryException {
>
>         // add principal-based privileges
>         // @see: http://wiki.apache.org/jackrabbit/AccessControl
>
>         JackrabbitAccessControlManager acm =
> (JackrabbitAccessControlManager) session
>                 .getAccessControlManager();
>
>         Principal principal = user.getPrincipal();
>
>         JackrabbitAccessControlPolicy[] ps =
> acm.getApplicablePolicies(principal);
>         // next is line 133:
>         JackrabbitAccessControlList list = (JackrabbitAccessControlList)
> ps[0];
>
>         // add privileges
>
>         Privilege[] nprivileges = new Privilege[privileges.length];
>         int i = 0;
>         for (String p : privileges) {
>             nprivileges[i] = acm.privilegeFromName(p);
>             i++;
>         }
>
>         Map<String, Value> restrictions = new HashMap<String, Value>();
>         ValueFactory vf = session.getValueFactory();
>
>         restrictions.put("rep:nodePath", vf.createValue("/",
> PropertyType.PATH));
>         restrictions.put("rep:glob", vf.createValue("*"));
>
>         list.addEntry(principal, nprivileges, true /* allow or deny */,
> restrictions);
>
>         // store privilege changes
>
>         acm.setPolicy(list.getPath(), list);
>
>     }
>
> And I also added this to ~/jackrabbit/workspaces/security/workspace.xml:
>
>         <WorkspaceSecurity>
>             <AccessControlProvider
> class="org.apache.jackrabbit.core.security.authorization.combined.CombinedProvider"
> />
>         </WorkspaceSecurity>
>
> But when I trigger my servlet I get an empty array in line 132:
>
> 2015-08-13 12:06:06.364 INFO  [http-bio-8080-exec-3] MyInitServlet.java:64
> called: doGet(org.apache.catalina.connector.RequestFacade@67a4315b
> ,org.apache.catalina.connector.ResponseFacade@639bb977)
> 2015-08-13 12:06:06.419 INFO  [http-bio-8080-exec-3]
> CachingEntryCollector.java:362 Creating cache with max size of: 5000
> 2015-08-13 12:06:06.420 INFO  [http-bio-8080-exec-3]
> CachingEntryCollector.java:369 Root is special-cased: true
> 2015-08-13 12:06:06.421 INFO  [http-bio-8080-exec-3]
> CachingEntryCollector.java:73 Cache Update Strategy: T
> 2015-08-13 12:06:06.421 INFO  [http-bio-8080-exec-3]
> CachingEntryCollector.java:78 Caching entries with no ACLs: false
> 2015-08-13 12:06:06.466 WARN  [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.468 WARN  [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.469 WARN  [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.470 WARN  [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.471 WARN  [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.770 INFO  [http-bio-8080-exec-3] ClusterNode.java:711
> [1] 1 system@security:/ (24906)
> 2015-08-13 12:06:06.857 INFO  [http-bio-8080-exec-3]
> CachingEntryCollector.java:362 Creating cache with max size of: 5000
> 2015-08-13 12:06:06.858 INFO  [http-bio-8080-exec-3]
> CachingEntryCollector.java:369 Root is special-cased: true
> 2015-08-13 12:06:06.858 INFO  [http-bio-8080-exec-3]
> CachingEntryCollector.java:73 Cache Update Strategy: T
> 2015-08-13 12:06:06.858 INFO  [http-bio-8080-exec-3]
> CachingEntryCollector.java:78 Caching entries with no ACLs: false
> java.lang.ArrayIndexOutOfBoundsException: 0
>     at my.jcrweb.j2ee.MyInitServlet.addPrivileges(MyInitServlet.java:133)
>     at my.jcrweb.j2ee.MyInitServlet.doGet(MyInitServlet.java:100)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
>
>
> I also read this thread:
> http://jackrabbit.510166.n4.nabble.com/Setting-up-Access-Control-td3809801.html
>
> I also tried acl.getPolicies() instead of getApplicablePolicies()
>
> I'm totally stuck here ... Am I doing something wrong, generally or ...
> how do I create my own empty JackrabbitAccessControlList?
>
> Karsten
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message