That is exactly what i need, just to set up ACLs on nodes to allow some users to read them, other users write them (add and delete childs), disallow access to others and so on, nothing complicated, but i think i got myself lost inside the source code instead of abstracting and using the API.
The code that has just been updated in the Wiki to ilustrate how resource based ACLs are managed is much like the code i tried, but the problem for me comes when invocating aMgr.setPolicy(path,acl); . There was where i started to dive inside source code and, if i use SimpleAccessManager (specified in repository.xml file), the setPolicy source code reveals that the policy/ACL is not finally bound to the path (i.e.: no code that states that "this policy" is applied to "this path"). I do not have right now the source code of this method (sorry :S) but it contains just to invocations to check methods and it throws always an exception. On the other hand, if i use the DefaultAccessManager instead, i am not able even to log in the repository and every action i try to perform throws an exception (AccessDenied, PathNotFound,...). So, should i attend any configuration prior to start working on access control? I must say that both this last email and the update of the Wiki help me to clarify my ideas and what is the right path to successfully setup ACLs, thank you all very much, it really helped! 2011/9/13 maikhorma <[email protected]> > > Francisco Carriedo Scher wrote: > > > > Ok, > > > > thanks in advance for answering. I found DefaultAccessManager class, > which > > extends AbstractAccessControlManager (and has setPolicy method > > implemented). > > After it i set such class in repository.xml file to use it as my access > > manager and, leaving commented the access.xml file (with no file), i can > > not > > perform operations on the repository (logged in as admin), as i obtain > the > > following exceptions: > > > > javax.jcr.PathNotFoundException: /myfolder (trying to access a node to > > create a child node) > > javax.jcr.AccessDeniedException: cannot read item > > cafebabe-cafe-babe-cafe-babecafebabe (trying to create a user) > > ... > > > > So i think that access.xml line must be uncommented (DefaultAccessManager > > can not be instantiated since such file does not exist) and populated > with > > access control data, isn't it? I did not find access.xml info so far, any > > useful pointer? > > > > Thanks for your attention! > > > > Can you back up a second and describe what you are actually trying to do? > It kind of sounds like you're just trying to apply normal permissions to a > node, but if that's so, it seems you are making it very complicated. As > Justin said you shouldn't need to implement classes or configure the > repository xml to set permissions. You should use the JCR Api [1] and > jackrabbit provides all the implementations for you. You log in, and then > call session.getAccessControlManager(). If you are trying to do something > more complicated, you'll have to be more specific. > > [1] http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html > > -- > View this message in context: > http://jackrabbit.510166.n4.nabble.com/Setting-up-Access-Control-tp3809801p3810401.html > Sent from the Jackrabbit - Users mailing list archive at Nabble.com. >
