how to provide read-access to a user using a principal based ACL

Tue, 08 May 2012 02:55:22 -0700 

Hi,

I am new to jackrabbit. I am creating a content repository. I want to give 
users specific access for nodes. Eg I want to assign read access to user john 
for node /adminuser/resources

Following is the code I m using

try{

                        Repository repository = 
createJCRRepository.createRepository();
                        Session session = repository.login(new 
SimpleCredentials("admin","".toCharArray()));
                        System.out.println("connected to Repository 
successfully at D:/jcrconfigfile/repo....");

                        Node n1 = session.getNode("/adminuser/resources");

                        // usual entry point into the Jackrabbit API
                        JackrabbitSession js = (JackrabbitSession) session;

                        PrincipalManager pMgr = js.getPrincipalManager();
                        Principal principal = 
pMgr.getPrincipal(session.getUserID());

                        User user = ((User) 
js.getUserManager().getAuthorizable("john"));
                        principal = user.getPrincipal();

                        System.out.println("principal is ======="+principal);
                        JackrabbitAccessControlManager acMgr = 
(JackrabbitAccessControlManager) session.getAccessControlManager();

                         AccessControlPolicyIterator it =  
acMgr.getApplicablePolicies(n1.getPath());
                         if (it.hasNext()) {

                                 System.out.println(" coming here to set 
policy");
                                 AccessControlPolicy policy = 
it.nextAccessControlPolicy();
                                 if (policy instanceof AccessControlList) {
                                         Privilege[] privileges = new 
Privilege[1];
                                         privileges[0] = 
acMgr.privilegeFromName(Privilege.JCR_READ);
                                         
((AccessControlList)policy).addAccessControlEntry(user.getPrincipal(),
                                                         privileges);
                                         acMgr.setPolicy(n1.getPath(), policy);
                                 }
                         }

                         System.out.println(" access provided");
                        session.save();
                        session.logout();

                }catch(Exception ex){
                        ex.printStackTrace();

                }



Problem is that the above code should give only read access to user john for 
specified node. But when I m logging in as user john he is able to perform add, 
delete all operations on /adminuser/resources node. John is able to add new 
node report under /adminuser/resources and also able to delete it. Which I 
don't want I want to give only read access.

Can anybody pointout where I m making mistake?

Thanks
kanchan

NOTICE TO RECIPIENT: THIS E-MAIL (INCLUDING ANY ATTACHMENTS) IS MEANT FOR ONLY 
THE INTENDED RECIPIENT OF THE TRANSMISSION, MAY CONTAIN CONFIDENTIAL 
INFORMATION, AND IS PROTECTED BY LAW. IF YOU RECEIVED THIS E-MAIL IN ERROR, 
PLEASE IMMEDIATELY NOTIFY THE SENDER OF THE ERROR BY RETURN E-MAIL, DELETE THIS 
COMMUNICATION AND SHRED ANY ATTACHMENTS. UNAUTHORIZED REVIEW, USE, 
DISSEMINATION, DISTRIBUTION, COPYING OR TAKING OF ANY ACTION BASED ON THIS 
COMMUNICATION IS STRICTLY PROHIBITED.

Reply via email to