Hi Atif
reading your code it seems to me you just want to add JCR_ALL privileges
to some user. This is what allow() does. No need to do something else.
And: "admin" normally already has these privileges.
I'd try this (not tested)
AccessControlUtils.allow(session.getRootNode(), EveryonePrincipal.getInstance()
.getName(), Privilege.JCR_ALL);
What do you want to accomplish? Make everyone admin?
Karsten R. Priegnitz
programmierer | web-entwickler | linux administrator | digitaler nomade
business: kontakt <http://petoria.de/portfolio/contact-about/> |
portfolio <http://petoria.de/portfolio/>
------------------------------------------------------------------------
Am 25.08.2015 um 10:54 schrieb Atif Manzoor:
Hi Karsten
Thanks a lot for your help. I tried AccessControlUtils.allow(), however
AccessControlUtils.getACL() is still returning NULL. I think I may have
also have to do something else to enable access control that particular
node. Following is my code complete code that tried AccessControlUtils. I
am still getting Null for acl.
Repository repository = new TransientRepository();
Session session = repository.login(new SimpleCredentials("admin",
"password".toCharArray()));
Node root = session.getRootNode();
root.addNode("leftChild");
root.addNode("rightChild");
session.save();
String path = session.getRootNode().getPath();
System.out.println(path);
AccessControlManager acm = session.getAccessControlManager();
AccessControlUtils.allow(session.getRootNode(), "admin", Privilege.JCR_ALL);
AccessControlList acl = AccessControlUtils.getAccessControlList(session,
path);
for (AccessControlEntry e : acl.getAccessControlEntries()) {
acl.removeAccessControlEntry(e);
}
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), new Privilege[]
{ acm
.privilegeFromName(Privilege.JCR_ALL) });
acm.setPolicy(path, acl);
session.save();
Regards,
Atif
On Tue, Aug 25, 2015 at 7:46 AM, Karsten Priegnitz <[email protected]> wrote:
Hi Atif,
I had the same problem as you and then I found
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils:
and that's all: AccessControlUtils.allow(session.getRootNode(), username,
Privilege.JCR_ALL);
Best
Karsten
Karsten R. Priegnitz
programmierer | web-entwickler | linux administrator | digitaler nomade
business: kontakt <http://petoria.de/portfolio/contact-about/> |
portfolio <http://petoria.de/portfolio/>
------------------------------------------------------------------------
Am 24.08.2015 um 22:40 schrieb Clay Ferguson:
I'm not *that* much of an expert, but it kind of works by bubbling up
towards the root I believe. So if you query for ACL on a node and it finds
none, that is fine. It just means that node is effectively controlled by
an
ancestor. Once you start adding AC L privs the that root starts applying
those there and all beneath it on the tree recursively. By default 'admin'
user has full privileges and everyone else has none. The session that
creates a node i think by default has all privs on that node, but i'd have
to check my code...I might be adding privs when creating. Look at my
"controller" class, and that is the top level, and a lot of stuff like
creating new nodes, moving nodes, adding ACLs etc can be sussed out by
just
looking at my code and not even running it. It's not too complicated. Does
that answer the question?
Best regards,
Clay Ferguson
[email protected]
On Mon, Aug 24, 2015 at 2:53 PM, Atif Manzoor <[email protected]>
wrote:
Hi Clay
Thanks a lot for your response. I have been through your code and have
found that you have also been using getApplicablePolicies(path) and
getPolicies(path) function to get AccessControlList (ACL) object, however
both of these function have not been returning any ACL policies for me.
In
words my node does not contain any modifiable ACL. Can you tell me why is
that. What will I have to do, so that the node should also have
modifiable
ACL.
Kind regards,
Atif
On Mon, Aug 24, 2015 at 7:01 PM, Clay Ferguson <[email protected]> wrote:
Hello Atif,
You should check out my open source project:
https://github.com/Clay-Ferguson/meta64
Download the zip and search for the words 'privilege' and/or
AccessControl,
etc.
The AclService.java class has ability to do basic listing of privileges
for
a node, and adding or removing privileges from a node, and might help
you
some. Good luck.
Best regards,
Clay Ferguson
[email protected]
On Mon, Aug 24, 2015 at 12:07 PM, Atif Manzoor <[email protected]>
wrote:
I am new to Jackrabbit and after going through the first hops and
little
bit of documentation, I was trying to configure Access Control for the
repository nodes. I was extending ThirdHop tutorial for that purpose
and
was following access control wiki
http://wiki.apache.org/jackrabbit/AccessControl and had the following
code.
Session session = repository.login(new SimpleCredentials("username",
"password"
.toCharArray()));
Node node = session.getRootNode();
String path = node.getPath();
AccessControlManager acm = session.getAccessControlManager();
Privilege[] privileges = new Privilege[] { acm
.privilegeFromName(Privilege.JCR_ALL) };
AccessControlList acl;
try {
acl = (AccessControlList) acm.getApplicablePolicies(path)
.nextAccessControlPolicy();
} catch (NoSuchElementException e) {
acl = (AccessControlList) acm.getPolicies(path)[0];
}
for (AccessControlEntry e : acl.getAccessControlEntries()) {
acl.removeAccessControlEntry(e);
}
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);
acm.setPolicy(path, acl);
session.save();
My problem is that I could not get AccessControlList with this code.
Both
functions (getApplicablePolicies and getAllPolicies) don't have any
AccessControlList attached with them. Can you tell me where I went
wrong. I
have been using the default security configuration.
Thanks
Atif
