Hi All,
I am working on jackrabbit to manage content and looking into the ACL for
permission.
I have created two nodes userBalaji and userShahid. I have given all
privileges of userBalaji node to balaji and userShahid node to shahid.
shahid does not have access to userBalaji node. When I retrieve userBalaji
node using shahid's session I was expecting no result or "access deny"
error but I was successfully able to retrieve useBalaji Node.
Is my assumption wrong. What is the expected behavior? Can jacrabbit hide
data for which user does not have permission? As for my understanding there
is no access deny permission.
I have also attached code snippet for better understanding about my code.
---Method adding user permissions to node
public static void userPermissionsResourceBased() {
try {
Session session = userLogin("admin");
SessionImpl si = (SessionImpl) session;
si.getUserManager();
Node node = session.getRootNode().getNode("userBalaji");
//Node node = session.getRootNode().getNode("userShahid");
String path = node.getPath();
UserManager userManager = si.getUserManager();
User user = ((User) userManager.getAuthorizable("balaji"));
//User user = ((User) userManager.getAuthorizable("shahid"));
User admin = ((User) userManager.getAuthorizable("admin"));
AccessControlManager aMgr = session.getAccessControlManager();
Privilege[] privileges = new
Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};
Privilege[] privilegesAdmin = new
Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)};
AccessControlList acl;
try {
acl = (AccessControlList)
aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
acl = (AccessControlList) aMgr.getPolicies(path)[0];
}
acl.addAccessControlEntry(user.getPrincipal(), privileges);
//acl.addAccessControlEntry(admin.getPrincipal(),
privilegesAdmin);
//Setting for all users for perticular path
//aMgr.removePolicy(path, acl);
aMgr.setPolicy(path, acl);
session.save();
try {
acl = (AccessControlList)
aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
System.out.println("rrrrrr");
acl = (AccessControlList) aMgr.getPolicies(path)[0];
System.out.println("rrrrrr222");
}
AccessControlEntry[] accessControlEntries =
acl.getAccessControlEntries();
for (int i = 0; i < accessControlEntries.length; i++) {
System.out.println(accessControlEntries[i].getPrincipal());
System.out.println(accessControlEntries[i].getPrivileges()[0]);
}
session.logout();
} catch (Exception e) {
System.out.println("erroe in permissions===>" + e);
}
}
----Method for reading node
public static void readNode() {
try {
Session userLogin = userLogin("shahid");
System.out.println("Login OK by " + userLogin.getUserID() + "
user");
Node n = null;
try {
n = userLogin.getRootNode().getNode("SStorm");
} catch (Exception e) {
n = userLogin.getRootNode().addNode("SStorm");
}
Node c = n.getNode("userBalaji");
System.out.println("node
path............................OK"+c.getPath());
userLogin.logout();
} catch (Exception e) {
System.out.println("error==>" + e);
}
}
Regards,
Ashish
--
View this message in context:
http://jackrabbit.510166.n4.nabble.com/Jack-Rabbit-ACL-not-working-as-expected-tp4659041.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
