Karsten, I have a web app that I "think" is doing it reasonably correctly (ACLs), or at least appears to work. You can find the working code here: https://github.com/Clay-Ferguson/meta64 Just download the zip and search for the keywords "acl", "privilege", "principle". Also see AclService.java and AccessControlUtil.java.
Best regards,
Clay Ferguson
[email protected]

On Thu, Aug 13, 2015 at 5:21 AM, Karsten Priegnitz <[email protected]> wrote:

> Hello group,
>
> I'm trying to add Principal-based ACLs as described here:
> http://wiki.apache.org/jackrabbit/AccessControl. But using that code I
> get an ArrayIndexOutOfBoundsException.
>
> I have the jackrabbit-webapp-2.10.1 running from sources in Eclipse.
> Works. Next I wrote a servlet that does init stuff: add 2 users adam & eve
> and grant them ACL_ALL (all privileges) on the root node.
>
> Code:
>
> public class MyInitServlet extends HttpServlet {
>
>     @Override
>     protected void doGet(HttpServletRequest req, HttpServletResponse resp)
>             throws ServletException,
>             IOException {
>
>         super.doGet(req, resp);
>
>         try {
>             // get the repo from context
>
>             ServletContext context = this.getServletContext();
>             Repository repo = (Repository)
>                     context.getAttribute(Repository.class.getName());
>
>             // login as admin
>
>             JackrabbitSession session = (JackrabbitSession)
>                     Helper.login(repo,
>                     Helper.ADMIN_CREDENTIALS);
>
>             UserManager um = session.getUserManager();
>             for (String username : new String[] { "adam", "eve"}) {
>
>                 // create the user
>
>                 Authorizable authorizable = um.getAuthorizable(username);
>                 if (authorizable == null) {
>                     um.createUser(username, username);
>                     session.save();
>                 }
>
>                 User user = (User) um.getAuthorizable(username);
>                 addPrivileges(session, user, Privilege.JCR_ALL);
>
>                 session.save();
>
>                 LOG.info(" created user '{}'", username);
>             }
>
>             ...
>
>         } catch (Exception e) {
>             e.printStackTrace();
>         }
>
>     }
>
>     public static void addPrivileges(JackrabbitSession session, User user,
>             String... privileges)
>             throws AccessDeniedException, AccessControlException,
>             UnsupportedRepositoryOperationException, RepositoryException {
>
>         // add principal-based privileges
>         // @see: http://wiki.apache.org/jackrabbit/AccessControl
>
>         JackrabbitAccessControlManager acm =
>                 (JackrabbitAccessControlManager) session
>                 .getAccessControlManager();
>
>         Principal principal = user.getPrincipal();
>
>         JackrabbitAccessControlPolicy[] ps =
>                 acm.getApplicablePolicies(principal);
>         // next is line 133:
>         JackrabbitAccessControlList list = (JackrabbitAccessControlList)
>                 ps[0];
>
>         // add privileges
>
>         Privilege[] nprivileges = new Privilege[privileges.length];
>         int i = 0;
>         for (String p : privileges) {
>             nprivileges[i] = acm.privilegeFromName(p);
>             i++;
>         }
>
>         Map<String, Value> restrictions = new HashMap<String, Value>();
>         ValueFactory vf = session.getValueFactory();
>
>         restrictions.put("rep:nodePath", vf.createValue("/",
>                 PropertyType.PATH));
>         restrictions.put("rep:glob", vf.createValue("*"));
>
>         list.addEntry(principal, nprivileges, true /* allow or deny */,
>                 restrictions);
>
>         // store privilege changes
>
>         acm.setPolicy(list.getPath(), list);
>
>     }
>
> And I also added this to ~/jackrabbit/workspaces/security/workspace.xml:
>
> <WorkspaceSecurity>
>   <AccessControlProvider
>     class="org.apache.jackrabbit.core.security.authorization.combined.CombinedProvider"
>   />
> </WorkspaceSecurity>
>
> But when I trigger my servlet I get an empty array in line 132:
>
> 2015-08-13 12:06:06.364 INFO [http-bio-8080-exec-3] MyInitServlet.java:64
> called: doGet(org.apache.catalina.connector.RequestFacade@67a4315b
> ,org.apache.catalina.connector.ResponseFacade@639bb977)
> 2015-08-13 12:06:06.419 INFO [http-bio-8080-exec-3]
> CachingEntryCollector.java:362 Creating cache with max size of: 5000
> 2015-08-13 12:06:06.420 INFO [http-bio-8080-exec-3]
> CachingEntryCollector.java:369 Root is special-cased: true
> 2015-08-13 12:06:06.421 INFO [http-bio-8080-exec-3]
> CachingEntryCollector.java:73 Cache Update Strategy: T
> 2015-08-13 12:06:06.421 INFO [http-bio-8080-exec-3]
> CachingEntryCollector.java:78 Caching entries with no ACLs: false
> 2015-08-13 12:06:06.466 WARN [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.468 WARN [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.469 WARN [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.470 WARN [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.471 WARN [http-bio-8080-exec-3]
> UserManagerImpl.java:858 Unexpected user/group node type
> rep:AuthorizableFolder
> 2015-08-13 12:06:06.770 INFO [http-bio-8080-exec-3] ClusterNode.java:711
> [1] 1 system@security:/ (24906)
> 2015-08-13 12:06:06.857 INFO [http-bio-8080-exec-3]
> CachingEntryCollector.java:362 Creating cache with max size of: 5000
> 2015-08-13 12:06:06.858 INFO [http-bio-8080-exec-3]
> CachingEntryCollector.java:369 Root is special-cased: true
> 2015-08-13 12:06:06.858 INFO [http-bio-8080-exec-3]
> CachingEntryCollector.java:73 Cache Update Strategy: T
> 2015-08-13 12:06:06.858 INFO [http-bio-8080-exec-3]
> CachingEntryCollector.java:78 Caching entries with no ACLs: false
> java.lang.ArrayIndexOutOfBoundsException: 0
> at my.jcrweb.j2ee.MyInitServlet.addPrivileges(MyInitServlet.java:133)
> at my.jcrweb.j2ee.MyInitServlet.doGet(MyInitServlet.java:100)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
>
>
> I also read this thread:
> http://jackrabbit.510166.n4.nabble.com/Setting-up-Access-Control-td3809801.html
>
> I also tried acl.getPolicies() instead of getApplicablePolicies()
>
> I'm totally stuck here ... Am I doing something wrong, generally or ...
> how do I create my own empty JackrabbitAccessControlList?
>
> Karsten
>
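
Added example, not part of the thread and not code from meta64 or Jackrabbit: a helper for the failure described above, where `getApplicablePolicies(principal)` returns an empty array. It also checks `getPolicies(principal)` and raises a descriptive `AccessControlException` instead of an `ArrayIndexOutOfBoundsException` when neither call yields a principal-based ACL. The class and method names are hypothetical; only the JCR and Jackrabbit API calls are real.

```java
import java.security.Principal;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;

public final class PrincipalAclHelper { // hypothetical helper, not a Jackrabbit class

    /** Returns the editable principal-based ACL, or fails with a clear message. */
    static JackrabbitAccessControlList principalAcl(
            JackrabbitAccessControlManager acm, Principal principal)
            throws RepositoryException {
        // Policies not yet set for the principal come first, then ones already set.
        JackrabbitAccessControlPolicy[][] candidates = {
            acm.getApplicablePolicies(principal), acm.getPolicies(principal) };
        for (JackrabbitAccessControlPolicy[] policies : candidates) {
            for (JackrabbitAccessControlPolicy p : policies) {
                if (p instanceof JackrabbitAccessControlList) {
                    return (JackrabbitAccessControlList) p;
                }
            }
        }
        // Neither call produced an ACL: report it instead of indexing an empty array.
        throw new AccessControlException("No principal-based ACL available for '"
                + principal.getName() + "'; check the AccessControlProvider configuration");
    }

    /** Adds one allow entry for the named privileges and persists the policy. */
    static void grant(JackrabbitSession session, Principal principal,
            Map<String, Value> restrictions, String... privilegeNames)
            throws RepositoryException {
        JackrabbitAccessControlManager acm =
                (JackrabbitAccessControlManager) session.getAccessControlManager();
        JackrabbitAccessControlList acl = principalAcl(acm, principal);
        Privilege[] privileges = new Privilege[privilegeNames.length];
        for (int i = 0; i < privilegeNames.length; i++) {
            privileges[i] = acm.privilegeFromName(privilegeNames[i]);
        }
        acl.addEntry(principal, privileges, true /* allow */, restrictions);
        acm.setPolicy(acl.getPath(), acl);
        session.save();
    }
}
```

Passing the narrowest privilege names and restrictions the user needs keeps the grant scoped; `jcr:all` on `/` with `rep:glob` `*` gives each user full control of the repository.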
