AW: AW: AW: AW: New information about my last email...

Mon, 31 Jan 2011 04:59:09 -0800 

Hi Javier,

each AccessControlEntry has a user (or principal), you can getPrincipal() to 
retrieve it. The two privileges are the default privileges for the root node.

jcr:all - administrators
jcr:read - everyone

Your code failed with the new user, because the new user does not have the 
privilege jcr:readAccessControl for the root node - so you got a denied 
exception.

To set a privilege, you have to call something like this - but you need the 
necessary privileges to do so - so the best way would be to use an admin 
connection: 

    private void setPrivilegesWithoutCommit(JcrConnection connection,
            Authorizable auth, Node node, String[] privilegeNames)
            throws RepositoryException {
        if (privilegeNames.length < 1) {
            throw new IllegalArgumentException(
                    "The privilege names must not be empty.");
        }
        // determine privileges array
        AccessControlManager acm = 
connection.getSession().getAccessControlManager();
        List<Privilege> privList = new ArrayList<Privilege>();
        for (int i = 0; i < privilegeNames.length; ++i) {
            Privilege p = acm.privilegeFromName(privilegeNames[i]);
            privList.add(p);
        }
        Privilege[] privs = privList.toArray(new Privilege[privList.size()]);
        // set privileges
        AccessControlList acl = getAccessList(connection, node.getPath());
        acl.addAccessControlEntry(auth.getPrincipal(), privs);
        acm.setPolicy(node.getPath(), acl);
    }

Regards, Robert

-----Ursprüngliche Nachricht-----
Von: Javier Arias [mailto:[email protected]] 
Gesendet: Montag, 31. Januar 2011 13:31
An: [email protected]
Betreff: Re: AW: AW: AW: New information about my last email...

Hi Robert, I have called it and I got the AccessControlList. Afther that
I have executed the following code:

AccessControlList acl = WebDAVServer.getAccessList();

AccessControlEntry[] ace = acl.getAccessControlEntries();

System.out.println("AccesControlEntry - Length: " + ace.length);

Privilege[] p0 = ace[0].getPrivileges();
Privilege[] p1 = ace[1].getPrivileges();

System.out.println("Privilege1: " + p0[0].getName());
System.out.println("Privilege2: " + p1[0].getName());

and I have got the following results:


AccesControlEntry - Length: 2
Privilege1: jcr:all
Privilege2: jcr:read

To run this example, I used the admin user. If I use a new created user,
get the follow exception:


javax.jcr.AccessDeniedException: Access denied at / at
org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:475)
 at 
org.apache.jackrabbit.core.security.DefaultAccessManager.getApplicablePolicies(DefaultAccessManager.java:326)

Should I login in as admin and change something in the instruction:
AccessControlPolicyIterator it =
acMngr.getApplicablePolicies(connection.getRootNode().getPath());  ?

Thank you for answering this endless thread.

Regards.


El vie, 28-01-2011 a las 13:22 +0100, Seidel. Robert escribió:
> Hi Javier,
> 
> here is some code snippet:
> 
>       /**
>        * returns the access control list for the node path
>        * @param connection the connection to the jackrabbit repository
>        * @param path the node path
>        * @return access control list (applicable or set)
>        * @throws AccessDeniedException
>        * @throws RepositoryException
>        */
>       private AccessControlList getAccessList(JcrConnection connection, 
> String path) throws AccessDeniedException, RepositoryException {
>               AccessControlManager acMngr = 
> connection.getSession().getAccessControlManager();
>               AccessControlPolicyIterator it = 
> acMngr.getApplicablePolicies(path);
>               while(it.hasNext()) {
>                       AccessControlPolicy acp = it.nextAccessControlPolicy();
>                       if (acp instanceof AccessControlList) {
>                               return (AccessControlList) acp;
>                       }
>               }
>               AccessControlPolicy[] acps = acMngr.getPolicies(path);
>               for (AccessControlPolicy accessControlPolicy : acps) {
>                       if (accessControlPolicy instanceof AccessControlList) {
>                               return (AccessControlList) accessControlPolicy;
>                       }
>               }
>               throw new RepositoryException("No AccessControlList at " + 
> path);
>       }
> 
> Regards, Robert
>

Reply via email to