jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Atif Manzoor <atif.manz...@gmail.com>
Subject Re: Access control
Date Tue, 25 Aug 2015 10:05:13 GMT
Hi Karsten

No actually I was just trying out the simplest case to control access to a
particular code. At later stage I will allow or restrict read / write
access to a node for different users.

Kind regards,
Atif

On Tue, Aug 25, 2015 at 10:53 AM, Karsten Priegnitz <koem@petoria.de> wrote:

> Hi Atif
>
> reading your code it seems to me you just want to add JCR_ALL privileges
> to some user. This is what allow() does. No need to do something else. And:
> "admin" normally already has these privileges.
>
> I'd try this (not tested)
>
> AccessControlUtils.allow(session.getRootNode(),
> EveryonePrincipal.getInstance()
> .getName(), Privilege.JCR_ALL);
>
>
> What do you want to accomplish? Make everyone admin?
>
>
> Karsten R. Priegnitz
>
> programmierer | web-entwickler | linux administrator | digitaler nomade
> business: kontakt <http://petoria.de/portfolio/contact-about/> |
> portfolio <http://petoria.de/portfolio/>
> ------------------------------------------------------------------------
>
> Am 25.08.2015 um 10:54 schrieb Atif Manzoor:
>
>> Hi Karsten
>>
>> Thanks a lot for your help. I tried AccessControlUtils.allow(), however
>> AccessControlUtils.getACL() is still returning NULL. I think I may have
>> also have to do something else to enable access control that particular
>> node. Following is my code complete code that tried AccessControlUtils. I
>> am still getting Null for acl.
>>
>> Repository repository = new  TransientRepository();
>> Session session = repository.login(new SimpleCredentials("admin",
>> "password".toCharArray()));
>> Node root = session.getRootNode();
>> root.addNode("leftChild");
>> root.addNode("rightChild");
>>
>> session.save();
>> String path = session.getRootNode().getPath();
>> System.out.println(path);
>> AccessControlManager acm = session.getAccessControlManager();
>> AccessControlUtils.allow(session.getRootNode(), "admin",
>> Privilege.JCR_ALL);
>> AccessControlList acl = AccessControlUtils.getAccessControlList(session,
>> path);
>> for (AccessControlEntry e : acl.getAccessControlEntries()) {
>> acl.removeAccessControlEntry(e);
>> }
>> acl.addAccessControlEntry(EveryonePrincipal.getInstance(), new Privilege[]
>> { acm
>> .privilegeFromName(Privilege.JCR_ALL) });
>> acm.setPolicy(path, acl);
>> session.save();
>>
>> Regards,
>> Atif
>>
>> On Tue, Aug 25, 2015 at 7:46 AM, Karsten Priegnitz <koem@petoria.de>
>> wrote:
>>
>> Hi Atif,
>>>
>>> I had the same problem as you and then I found
>>>
>>> org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils:
>>>
>>> and that's all: AccessControlUtils.allow(session.getRootNode(), username,
>>> Privilege.JCR_ALL);
>>>
>>> Best
>>> Karsten
>>>
>>>
>>>
>>> Karsten R. Priegnitz
>>>
>>> programmierer | web-entwickler | linux administrator | digitaler nomade
>>> business: kontakt <http://petoria.de/portfolio/contact-about/> |
>>> portfolio <http://petoria.de/portfolio/>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> Am 24.08.2015 um 22:40 schrieb Clay Ferguson:
>>>
>>> I'm not *that* much of an expert, but it kind of works by bubbling up
>>>> towards the root I believe. So if you query for ACL on a node and it
>>>> finds
>>>> none, that is fine. It just means that node is effectively controlled by
>>>> an
>>>> ancestor. Once you start adding AC L privs the that root starts applying
>>>> those there and all beneath it on the tree recursively. By default
>>>> 'admin'
>>>> user has full privileges and everyone else has none. The session that
>>>> creates a node i think by default has all privs on that node, but i'd
>>>> have
>>>> to check my code...I might be adding privs when creating. Look at my
>>>> "controller" class, and that is the top level, and a lot of stuff like
>>>> creating new nodes, moving nodes, adding ACLs etc can be sussed out by
>>>> just
>>>> looking at my code and not even running it. It's not too complicated.
>>>> Does
>>>> that answer the question?
>>>>
>>>> Best regards,
>>>> Clay Ferguson
>>>> wclayf@gmail.com
>>>>
>>>>
>>>> On Mon, Aug 24, 2015 at 2:53 PM, Atif Manzoor <atif.manzoor@gmail.com>
>>>> wrote:
>>>>
>>>> Hi Clay
>>>>
>>>>> Thanks a lot for your response. I have been through your code and have
>>>>> found that you have also been using getApplicablePolicies(path) and
>>>>> getPolicies(path) function to get AccessControlList (ACL) object,
>>>>> however
>>>>> both of these function have not been returning any ACL policies for me.
>>>>> In
>>>>> words my node does not contain any modifiable ACL. Can you tell me why
>>>>> is
>>>>> that. What will I have to do, so that the node should also have
>>>>> modifiable
>>>>> ACL.
>>>>>
>>>>> Kind regards,
>>>>> Atif
>>>>>
>>>>> On Mon, Aug 24, 2015 at 7:01 PM, Clay Ferguson <wclayf@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Hello Atif,
>>>>>
>>>>>> You should check out my open source project:
>>>>>> https://github.com/Clay-Ferguson/meta64
>>>>>>
>>>>>> Download the zip and search for the words 'privilege' and/or
>>>>>>
>>>>>> AccessControl,
>>>>>
>>>>> etc.
>>>>>>
>>>>>> The AclService.java class has ability to do basic listing of
>>>>>> privileges
>>>>>>
>>>>>> for
>>>>>
>>>>> a node, and adding or removing privileges from a node, and might help
>>>>>> you
>>>>>> some. Good luck.
>>>>>>
>>>>>> Best regards,
>>>>>> Clay Ferguson
>>>>>> wclayf@gmail.com
>>>>>>
>>>>>>
>>>>>> On Mon, Aug 24, 2015 at 12:07 PM, Atif Manzoor <
>>>>>> atif.manzoor@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> I am new to Jackrabbit and after going through the first hops and
>>>>>> little
>>>>>> bit of documentation, I was trying to configure Access Control for
the
>>>>>>
>>>>>>> repository nodes. I was extending ThirdHop tutorial for that
purpose
>>>>>>>
>>>>>>> and
>>>>>> was following access control wiki
>>>>>>
>>>>>>> http://wiki.apache.org/jackrabbit/AccessControl and had the
>>>>>>> following
>>>>>>> code.
>>>>>>>
>>>>>>> Session session = repository.login(new SimpleCredentials("username",
>>>>>>> "password"
>>>>>>> .toCharArray()));
>>>>>>> Node node = session.getRootNode();
>>>>>>> String path = node.getPath();
>>>>>>> AccessControlManager acm = session.getAccessControlManager();
>>>>>>>
>>>>>>> Privilege[] privileges = new Privilege[] { acm
>>>>>>> .privilegeFromName(Privilege.JCR_ALL) };
>>>>>>> AccessControlList acl;
>>>>>>> try {
>>>>>>> acl = (AccessControlList) acm.getApplicablePolicies(path)
>>>>>>> .nextAccessControlPolicy();
>>>>>>> } catch (NoSuchElementException e) {
>>>>>>> acl = (AccessControlList) acm.getPolicies(path)[0];
>>>>>>> }
>>>>>>> for (AccessControlEntry e : acl.getAccessControlEntries()) {
>>>>>>> acl.removeAccessControlEntry(e);
>>>>>>> }
>>>>>>> acl.addAccessControlEntry(EveryonePrincipal.getInstance(),
>>>>>>> privileges);
>>>>>>> acm.setPolicy(path, acl);
>>>>>>> session.save();
>>>>>>>
>>>>>>> My problem is that I could not get AccessControlList with this
code.
>>>>>>>
>>>>>>> Both
>>>>>> functions (getApplicablePolicies and getAllPolicies) don't have any
>>>>>>
>>>>>>> AccessControlList attached with them. Can you tell me where I
went
>>>>>>>
>>>>>>> wrong. I
>>>>>>
>>>>>> have been using the default security configuration.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Atif
>>>>>>>
>>>>>>>
>>>>>>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message