Hi Karsten No actually I was just trying out the simplest case to control access to a particular code. At later stage I will allow or restrict read / write access to a node for different users.
Kind regards, Atif On Tue, Aug 25, 2015 at 10:53 AM, Karsten Priegnitz <[email protected]> wrote: > Hi Atif > > reading your code it seems to me you just want to add JCR_ALL privileges > to some user. This is what allow() does. No need to do something else. And: > "admin" normally already has these privileges. > > I'd try this (not tested) > > AccessControlUtils.allow(session.getRootNode(), > EveryonePrincipal.getInstance() > .getName(), Privilege.JCR_ALL); > > > What do you want to accomplish? Make everyone admin? > > > Karsten R. Priegnitz > > programmierer | web-entwickler | linux administrator | digitaler nomade > business: kontakt <http://petoria.de/portfolio/contact-about/> | > portfolio <http://petoria.de/portfolio/> > ------------------------------------------------------------------------ > > Am 25.08.2015 um 10:54 schrieb Atif Manzoor: > >> Hi Karsten >> >> Thanks a lot for your help. I tried AccessControlUtils.allow(), however >> AccessControlUtils.getACL() is still returning NULL. I think I may have >> also have to do something else to enable access control that particular >> node. Following is my code complete code that tried AccessControlUtils. I >> am still getting Null for acl. >> >> Repository repository = new TransientRepository(); >> Session session = repository.login(new SimpleCredentials("admin", >> "password".toCharArray())); >> Node root = session.getRootNode(); >> root.addNode("leftChild"); >> root.addNode("rightChild"); >> >> session.save(); >> String path = session.getRootNode().getPath(); >> System.out.println(path); >> AccessControlManager acm = session.getAccessControlManager(); >> AccessControlUtils.allow(session.getRootNode(), "admin", >> Privilege.JCR_ALL); >> AccessControlList acl = AccessControlUtils.getAccessControlList(session, >> path); >> for (AccessControlEntry e : acl.getAccessControlEntries()) { >> acl.removeAccessControlEntry(e); >> } >> acl.addAccessControlEntry(EveryonePrincipal.getInstance(), new Privilege[] >> { acm >> .privilegeFromName(Privilege.JCR_ALL) }); >> acm.setPolicy(path, acl); >> session.save(); >> >> Regards, >> Atif >> >> On Tue, Aug 25, 2015 at 7:46 AM, Karsten Priegnitz <[email protected]> >> wrote: >> >> Hi Atif, >>> >>> I had the same problem as you and then I found >>> >>> org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils: >>> >>> and that's all: AccessControlUtils.allow(session.getRootNode(), username, >>> Privilege.JCR_ALL); >>> >>> Best >>> Karsten >>> >>> >>> >>> Karsten R. Priegnitz >>> >>> programmierer | web-entwickler | linux administrator | digitaler nomade >>> business: kontakt <http://petoria.de/portfolio/contact-about/> | >>> portfolio <http://petoria.de/portfolio/> >>> ------------------------------------------------------------------------ >>> >>> >>> Am 24.08.2015 um 22:40 schrieb Clay Ferguson: >>> >>> I'm not *that* much of an expert, but it kind of works by bubbling up >>>> towards the root I believe. So if you query for ACL on a node and it >>>> finds >>>> none, that is fine. It just means that node is effectively controlled by >>>> an >>>> ancestor. Once you start adding AC L privs the that root starts applying >>>> those there and all beneath it on the tree recursively. By default >>>> 'admin' >>>> user has full privileges and everyone else has none. The session that >>>> creates a node i think by default has all privs on that node, but i'd >>>> have >>>> to check my code...I might be adding privs when creating. Look at my >>>> "controller" class, and that is the top level, and a lot of stuff like >>>> creating new nodes, moving nodes, adding ACLs etc can be sussed out by >>>> just >>>> looking at my code and not even running it. It's not too complicated. >>>> Does >>>> that answer the question? >>>> >>>> Best regards, >>>> Clay Ferguson >>>> [email protected] >>>> >>>> >>>> On Mon, Aug 24, 2015 at 2:53 PM, Atif Manzoor <[email protected]> >>>> wrote: >>>> >>>> Hi Clay >>>> >>>>> Thanks a lot for your response. I have been through your code and have >>>>> found that you have also been using getApplicablePolicies(path) and >>>>> getPolicies(path) function to get AccessControlList (ACL) object, >>>>> however >>>>> both of these function have not been returning any ACL policies for me. >>>>> In >>>>> words my node does not contain any modifiable ACL. Can you tell me why >>>>> is >>>>> that. What will I have to do, so that the node should also have >>>>> modifiable >>>>> ACL. >>>>> >>>>> Kind regards, >>>>> Atif >>>>> >>>>> On Mon, Aug 24, 2015 at 7:01 PM, Clay Ferguson <[email protected]> >>>>> wrote: >>>>> >>>>> Hello Atif, >>>>> >>>>>> You should check out my open source project: >>>>>> https://github.com/Clay-Ferguson/meta64 >>>>>> >>>>>> Download the zip and search for the words 'privilege' and/or >>>>>> >>>>>> AccessControl, >>>>> >>>>> etc. >>>>>> >>>>>> The AclService.java class has ability to do basic listing of >>>>>> privileges >>>>>> >>>>>> for >>>>> >>>>> a node, and adding or removing privileges from a node, and might help >>>>>> you >>>>>> some. Good luck. >>>>>> >>>>>> Best regards, >>>>>> Clay Ferguson >>>>>> [email protected] >>>>>> >>>>>> >>>>>> On Mon, Aug 24, 2015 at 12:07 PM, Atif Manzoor < >>>>>> [email protected]> >>>>>> wrote: >>>>>> >>>>>> I am new to Jackrabbit and after going through the first hops and >>>>>> little >>>>>> bit of documentation, I was trying to configure Access Control for the >>>>>> >>>>>>> repository nodes. I was extending ThirdHop tutorial for that purpose >>>>>>> >>>>>>> and >>>>>> was following access control wiki >>>>>> >>>>>>> http://wiki.apache.org/jackrabbit/AccessControl and had the >>>>>>> following >>>>>>> code. >>>>>>> >>>>>>> Session session = repository.login(new SimpleCredentials("username", >>>>>>> "password" >>>>>>> .toCharArray())); >>>>>>> Node node = session.getRootNode(); >>>>>>> String path = node.getPath(); >>>>>>> AccessControlManager acm = session.getAccessControlManager(); >>>>>>> >>>>>>> Privilege[] privileges = new Privilege[] { acm >>>>>>> .privilegeFromName(Privilege.JCR_ALL) }; >>>>>>> AccessControlList acl; >>>>>>> try { >>>>>>> acl = (AccessControlList) acm.getApplicablePolicies(path) >>>>>>> .nextAccessControlPolicy(); >>>>>>> } catch (NoSuchElementException e) { >>>>>>> acl = (AccessControlList) acm.getPolicies(path)[0]; >>>>>>> } >>>>>>> for (AccessControlEntry e : acl.getAccessControlEntries()) { >>>>>>> acl.removeAccessControlEntry(e); >>>>>>> } >>>>>>> acl.addAccessControlEntry(EveryonePrincipal.getInstance(), >>>>>>> privileges); >>>>>>> acm.setPolicy(path, acl); >>>>>>> session.save(); >>>>>>> >>>>>>> My problem is that I could not get AccessControlList with this code. >>>>>>> >>>>>>> Both >>>>>> functions (getApplicablePolicies and getAllPolicies) don't have any >>>>>> >>>>>>> AccessControlList attached with them. Can you tell me where I went >>>>>>> >>>>>>> wrong. I >>>>>> >>>>>> have been using the default security configuration. >>>>>>> >>>>>>> Thanks >>>>>>> Atif >>>>>>> >>>>>>> >>>>>>> >
