Hi,
I am trying to use principal-based ACL to assign all access to a user named
user2. The following is my code.
The code runs successfully. But when I log in as User2 and try
to add a child node under "adminuser/test1", I get an exception saying
javax.jcr.AccessDeniedException: /adminuser/test1/test2: not allowed to add or modify item

try {
    Repository repository = createJCRRepository.createRepository();
    session = repository.login(new SimpleCredentials("admin", "".toCharArray()));
    String nodepath = "adminuser/test1";
    JackrabbitSession js = (JackrabbitSession) session;
    User user = ((User) js.getUserManager().getAuthorizable("user2"));
    Principal principal = user.getPrincipal();
    System.out.println(user.getPrincipal());
    Node n2 = session.getNode("/" + nodepath);
    JackrabbitAccessControlManager acm =
            (JackrabbitAccessControlManager) session.getAccessControlManager();
    JackrabbitAccessControlPolicy[] ps = acm.getPolicies(user.getPrincipal());
    // acm.getApplicablePolicies(user.getPrincipal());
    System.out.println(" policy list it=== " + ps.length);
    JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];

    // list entries
    AccessControlEntry[] entries = list.getAccessControlEntries();
    if (entries.length > 0) {
        System.out.println(" removing previous entries......");
        AccessControlEntry entry = entries[0];
        // remove entry
        list.removeAccessControlEntry(entry);
    }

    // add new entry
    Privilege[] privileges = new Privilege[] { acm.privilegeFromName(Privilege.JCR_ALL) };
    Map<String, Value> restrictions = new HashMap<String, Value>();
    ValueFactory vf = session.getValueFactory();
    restrictions.put("rep:nodePath", vf.createValue(nodepath, PropertyType.PATH));
    restrictions.put("rep:glob", vf.createValue("*"));
    list.addEntry(principal, privileges, true /* allow or deny */, restrictions);

    // reorder entries
    // list.orderBefore(entry, entry2);

    // finally set policy again & save
    acm.setPolicy(list.getPath(), list);
    System.out.println("access provided at ===== " + nodepath);
    session.save();
} catch (Exception ex) {
    ex.printStackTrace();
} finally {
    session.logout();
}