Hi,
I am trying to learn the security API in Jackrabbit 1.5. I have managed to
create a couple of users and allocate privileges to them. I have peformed a
query and the privileges appear to be honoured. However I tried to remove
the privileges and they would not disappear, here is some example code:
I am missing a few utility methods, but you can see what I am trying to do.
I also don't understand how to create a group. It seems the only way to do
this is via createGroup(Principle) but then this throws an exception about
an existing authorizable with that name, so I can't see how to create a
group. The getAuthorizable(String id) also seems to return a user with a
matching name and will never return a group with the same name (if one could
be created).
I must be missing something,
regards,
Dave
@Test
public void testPortalPrivileges() throws Exception {
SessionImpl adminSession = (SessionImpl) getAdminSession();
UserManager userManager = adminSession.getUserManager();
Group portalGroup = null;
User portalUser = (User) userManager.getAuthorizable("portalGroup");
if (portalUser != null) {
// Not understanding how groups/users are managed???
// portalUser = userManager.createUser("portalGroup",
// "portalGroup");
// portalGroup =
userManager.createGroup(portalUser.getPrincipal(),
// "/portal");
}
AccessControlManager accessControlManager =
adminSession.getAccessControlManager();
Privilege[] privs = {
accessControlManager.privilegeFromName(Privilege.JCR_READ) };
Session userSession = getUserSession(portalUser);
System.out.println("Query before privs granted..");
showQuery(userSession,
"//portal/portal/pages//element(*,atom:Entry)");
addPrivileges(adminSession, portalPath, portalUser, privs);
System.out.println("Query after privs granted..");
showQuery(userSession,
"//portal/portal/pages//element(*,atom:Entry)");
removePrivileges(adminSession, portalPath, portalUser, privs);
System.out.println("Query after privs removed..");
showQuery(userSession,
"//portal/portal/pages//element(*,atom:Entry)");
}
protected void addPrivileges(SessionImpl adminSession, String path,
Authorizable auth, Privilege[] privs) throws
UnsupportedRepositoryOperationException, RepositoryException {
setPrivileges(adminSession, path, auth, privs, true);
}
protected void removePrivileges(SessionImpl adminSession, String path,
Authorizable auth, Privilege[] privs) throws
UnsupportedRepositoryOperationException, RepositoryException {
setPrivileges(adminSession, path, auth, privs, false);
}
protected void setPrivileges(SessionImpl adminSession, String path,
Authorizable auth, Privilege[] privs, boolean allow) throws
UnsupportedRepositoryOperationException, RepositoryException {
AccessControlManager accessControlManager =
adminSession.getAccessControlManager();
AccessControlPolicyIterator restrictedPolicies =
accessControlManager.getApplicablePolicies(path);
JackrabbitAccessControlList controlList =
(JackrabbitAccessControlList) restrictedPolicies.nextAccessControlPolicy();
controlList.addEntry(auth.getPrincipal(), privs, allow);
accessControlManager.setPolicy(path, controlList);
adminSession.save();
}
The privileges are added, but not removed
--
View this message in context:
http://www.nabble.com/Jackrabbit-1.5-Security-help-required-tp21118423p21118423.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
