Hello group,
I'm trying to add Principal-based ACLs as described here:
http://wiki.apache.org/jackrabbit/AccessControl. But using that code I
get an ArrayIndexOutOfBoundsException.
I have the jackrabbit-webapp-2.10.1 running from sources in Eclipse.
Works. Next I wrote a servlet that does init stuff: add 2 users adam &
eve and grant them ACL_ALL (all privileges) on the root node.
Code:
public class MyInitServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        super.doGet(req, resp);
        try {
            // get the repo from context
            ServletContext context = this.getServletContext();
            Repository repo = (Repository) context.getAttribute(Repository.class.getName());
            // login as admin
            JackrabbitSession session = (JackrabbitSession) Helper.login(repo,
                    Helper.ADMIN_CREDENTIALS);
            UserManager um = session.getUserManager();
            for (String username : new String[] { "adam", "eve" }) {
                // create the user
                Authorizable authorizable = um.getAuthorizable(username);
                if (authorizable == null) {
                    um.createUser(username, username);
                    session.save();
                }
                User user = (User) um.getAuthorizable(username);
                addPrivileges(session, user, Privilege.JCR_ALL);
                session.save();
                LOG.info(" created user '{}'", username);
            }
            ...
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void addPrivileges(JackrabbitSession session, User user, String... privileges)
            throws AccessDeniedException, AccessControlException,
            UnsupportedRepositoryOperationException, RepositoryException {
        // add principal-based privileges
        // @see: http://wiki.apache.org/jackrabbit/AccessControl
        JackrabbitAccessControlManager acm =
                (JackrabbitAccessControlManager) session.getAccessControlManager();
        Principal principal = user.getPrincipal();
        JackrabbitAccessControlPolicy[] ps = acm.getApplicablePolicies(principal);
        // next is line 133:
        JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];
        // add privileges
        Privilege[] nprivileges = new Privilege[privileges.length];
        int i = 0;
        for (String p : privileges) {
            nprivileges[i] = acm.privilegeFromName(p);
            i++;
        }
        Map<String, Value> restrictions = new HashMap<String, Value>();
        ValueFactory vf = session.getValueFactory();
        restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH));
        restrictions.put("rep:glob", vf.createValue("*"));
        list.addEntry(principal, nprivileges, true /* allow or deny */, restrictions);
        // store privilege changes
        acm.setPolicy(list.getPath(), list);
    }
}
And I also added this to ~/jackrabbit/workspaces/security/workspace.xml:
<WorkspaceSecurity>
    <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.combined.CombinedProvider" />
</WorkspaceSecurity>
But when I trigger my servlet I get an empty array in line 132:
2015-08-13 12:06:06.364 INFO [http-bio-8080-exec-3] MyInitServlet.java:64 called: doGet(org.apache.catalina.connector.RequestFacade@67a4315b,org.apache.catalina.connector.ResponseFacade@639bb977)
2015-08-13 12:06:06.419 INFO [http-bio-8080-exec-3] CachingEntryCollector.java:362 Creating cache with max size of: 5000
2015-08-13 12:06:06.420 INFO [http-bio-8080-exec-3] CachingEntryCollector.java:369 Root is special-cased: true
2015-08-13 12:06:06.421 INFO [http-bio-8080-exec-3] CachingEntryCollector.java:73 Cache Update Strategy: T
2015-08-13 12:06:06.421 INFO [http-bio-8080-exec-3] CachingEntryCollector.java:78 Caching entries with no ACLs: false
2015-08-13 12:06:06.466 WARN [http-bio-8080-exec-3] UserManagerImpl.java:858 Unexpected user/group node type rep:AuthorizableFolder
2015-08-13 12:06:06.468 WARN [http-bio-8080-exec-3] UserManagerImpl.java:858 Unexpected user/group node type rep:AuthorizableFolder
2015-08-13 12:06:06.469 WARN [http-bio-8080-exec-3] UserManagerImpl.java:858 Unexpected user/group node type rep:AuthorizableFolder
2015-08-13 12:06:06.470 WARN [http-bio-8080-exec-3] UserManagerImpl.java:858 Unexpected user/group node type rep:AuthorizableFolder
2015-08-13 12:06:06.471 WARN [http-bio-8080-exec-3] UserManagerImpl.java:858 Unexpected user/group node type rep:AuthorizableFolder
2015-08-13 12:06:06.770 INFO [http-bio-8080-exec-3] ClusterNode.java:711 [1] 1 system@security:/ (24906)
2015-08-13 12:06:06.857 INFO [http-bio-8080-exec-3] CachingEntryCollector.java:362 Creating cache with max size of: 5000
2015-08-13 12:06:06.858 INFO [http-bio-8080-exec-3] CachingEntryCollector.java:369 Root is special-cased: true
2015-08-13 12:06:06.858 INFO [http-bio-8080-exec-3] CachingEntryCollector.java:73 Cache Update Strategy: T
2015-08-13 12:06:06.858 INFO [http-bio-8080-exec-3] CachingEntryCollector.java:78 Caching entries with no ACLs: false
java.lang.ArrayIndexOutOfBoundsException: 0
    at my.jcrweb.j2ee.MyInitServlet.addPrivileges(MyInitServlet.java:133)
    at my.jcrweb.j2ee.MyInitServlet.doGet(MyInitServlet.java:100)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
I also read this thread:
http://jackrabbit.510166.n4.nabble.com/Setting-up-Access-Control-td3809801.html
I also tried acl.getPolicies() instead of getApplicablePolicies().
I'm totally stuck here ... Am I doing something wrong, generally or ...
how do I create my own empty JackrabbitAccessControlList?
Karsten
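
An added example, not part of the original post and not Jackrabbit's own code: a lookup that replaces the unchecked ps[0] with a check of both getApplicablePolicies(principal) and getPolicies(principal), and fails with a descriptive AccessControlException when neither yields a list. The class and method names (PrincipalAclHelper, principalAcl, grant) and the "/content" path in the comment are hypothetical; the sketch does not diagnose why the array was empty in the run above.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;

// Hypothetical helper (assumption: jackrabbit-api 2.x on the classpath).
public final class PrincipalAclHelper {

    // Returns the editable principal-based ACL instead of indexing ps[0] blindly.
    static JackrabbitAccessControlList principalAcl(JackrabbitAccessControlManager acm,
            Principal principal) throws RepositoryException {
        // No policy bound to the principal yet: it is offered as "applicable".
        for (AccessControlPolicy p : acm.getApplicablePolicies(principal)) {
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        // A policy was set earlier: it is returned by getPolicies instead.
        for (AccessControlPolicy p : acm.getPolicies(principal)) {
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        throw new AccessControlException("No principal-based ACL for '" + principal.getName()
                + "': neither getApplicablePolicies nor getPolicies returned a JackrabbitAccessControlList");
    }

    // Grants the named privileges to the principal, restricted to nodePath and glob,
    // e.g. grant(session, user.getPrincipal(), "/content", "*", Privilege.JCR_READ).
    static void grant(JackrabbitSession session, Principal principal, String nodePath,
            String glob, String... privilegeNames) throws RepositoryException {
        JackrabbitAccessControlManager acm =
                (JackrabbitAccessControlManager) session.getAccessControlManager();
        JackrabbitAccessControlList acl = principalAcl(acm, principal);
        Privilege[] privs = new Privilege[privilegeNames.length];
        for (int i = 0; i < privilegeNames.length; i++) {
            privs[i] = acm.privilegeFromName(privilegeNames[i]);
        }
        Map<String, Value> restrictions = new HashMap<String, Value>();
        restrictions.put("rep:nodePath",
                session.getValueFactory().createValue(nodePath, PropertyType.PATH));
        restrictions.put("rep:glob", session.getValueFactory().createValue(glob));
        acl.addEntry(principal, privs, true /* allow */, restrictions);
        acm.setPolicy(acl.getPath(), acl);
        session.save();
    }
}
```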