I'm experimenting with meta64.com discussion capability. Who wants to discuss this stuff on there, and see if the meta64 works well as a discussion engine? I'm trying to make Social Media a federated free commodity, rather than monopolizedy by Diqus, Facebook, etc. Join me...
http://meta64.com?id=/wclayf/public/oak-jackrabbit-discussions Best regards, Clay Ferguson [email protected] On Tue, Aug 25, 2015 at 9:51 AM, Robert Munteanu <[email protected]> wrote: > Hi, > > On Tue, 2015-08-25 at 09:44 -0500, Clay Ferguson wrote: > > Atif, just beware that the "addChildren" privilege doesn't work as > > one > > would expect. If you want a principle to be able to add children to a > > node > > you must add ALL of the following privileges: > > > > "read", "write", "addChildren", "nodeTypeManagement" > > I think you can simply use rep:write ( not jcr:write ) as a shorthand. > > > > > That costed me many hours of headache, and at least one other person > > also. > > My personal belief this functionality requirement was an accident > > rather > > than by design and no one who is an Adobe customer has complained so > > they > > are leaving it as is. > > As far as I can tell the behaviour is according to the Access Control > Management chapter of the JCR 2.0 specification [1]. If there's a gap > between the spec and the implementation it's definitely worth a bug > report. > > Cheers, > > Robert > > [1]: http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html > #16.2.3%20Standard%20Privileges > > > > > > > Best regards, > > Clay Ferguson > > [email protected] > > > > > > On Tue, Aug 25, 2015 at 5:05 AM, Atif Manzoor <[email protected] > > > > > wrote: > > > > > Hi Karsten > > > > > > No actually I was just trying out the simplest case to control > > > access to a > > > particular code. At later stage I will allow or restrict read / > > > write > > > access to a node for different users. > > > > > > Kind regards, > > > Atif > > > > > > On Tue, Aug 25, 2015 at 10:53 AM, Karsten Priegnitz < > > > [email protected]> > > > wrote: > > > > > > > Hi Atif > > > > > > > > reading your code it seems to me you just want to add JCR_ALL > > > > privileges > > > > to some user. This is what allow() does. No need to do something > > > > else. > > > And: > > > > "admin" normally already has these privileges. > > > > > > > > I'd try this (not tested) > > > > > > > > AccessControlUtils.allow(session.getRootNode(), > > > > EveryonePrincipal.getInstance() > > > > .getName(), Privilege.JCR_ALL); > > > > > > > > > > > > What do you want to accomplish? Make everyone admin? > > > > > > > > > > > > Karsten R. Priegnitz > > > > > > > > programmierer | web-entwickler | linux administrator | digitaler > > > > nomade > > > > business: kontakt <http://petoria.de/portfolio/contact-about/> | > > > > portfolio <http://petoria.de/portfolio/> > > > > ----------------------------------------------------------------- > > > > ------- > > > > > > > > Am 25.08.2015 um 10:54 schrieb Atif Manzoor: > > > > > > > > > Hi Karsten > > > > > > > > > > Thanks a lot for your help. I tried AccessControlUtils.allow(), > > > > > however > > > > > AccessControlUtils.getACL() is still returning NULL. I think I > > > > > may have > > > > > also have to do something else to enable access control that > > > > > particular > > > > > node. Following is my code complete code that tried > > > > > AccessControlUtils. > > > I > > > > > am still getting Null for acl. > > > > > > > > > > Repository repository = new TransientRepository(); > > > > > Session session = repository.login(new > > > > > SimpleCredentials("admin", > > > > > "password".toCharArray())); > > > > > Node root = session.getRootNode(); > > > > > root.addNode("leftChild"); > > > > > root.addNode("rightChild"); > > > > > > > > > > session.save(); > > > > > String path = session.getRootNode().getPath(); > > > > > System.out.println(path); > > > > > AccessControlManager acm = session.getAccessControlManager(); > > > > > AccessControlUtils.allow(session.getRootNode(), "admin", > > > > > Privilege.JCR_ALL); > > > > > AccessControlList acl = > > > > > AccessControlUtils.getAccessControlList(session, > > > > > path); > > > > > for (AccessControlEntry e : acl.getAccessControlEntries()) { > > > > > acl.removeAccessControlEntry(e); > > > > > } > > > > > acl.addAccessControlEntry(EveryonePrincipal.getInstance(), new > > > Privilege[] > > > > > { acm > > > > > .privilegeFromName(Privilege.JCR_ALL) }); > > > > > acm.setPolicy(path, acl); > > > > > session.save(); > > > > > > > > > > Regards, > > > > > Atif > > > > > > > > > > On Tue, Aug 25, 2015 at 7:46 AM, Karsten Priegnitz < > > > > > [email protected]> > > > > > wrote: > > > > > > > > > > Hi Atif, > > > > > > > > > > > > I had the same problem as you and then I found > > > > > > > > > > > > > > > org.apache.jackrabbit.commons.jackrabbit.authorization.AccessContro > > > lUtils: > > > > > > > > > > > > and that's all: > > > > > > AccessControlUtils.allow(session.getRootNode(), > > > username, > > > > > > Privilege.JCR_ALL); > > > > > > > > > > > > Best > > > > > > Karsten > > > > > > > > > > > > > > > > > > > > > > > > Karsten R. Priegnitz > > > > > > > > > > > > programmierer | web-entwickler | linux administrator | > > > > > > digitaler nomade > > > > > > business: kontakt <http://petoria.de/portfolio/contact-about/ > > > > > > > | > > > > > > portfolio <http://petoria.de/portfolio/> > > > > > > > > > ------------------------------------------------------------------- > > > ----- > > > > > > > > > > > > > > > > > > Am 24.08.2015 um 22:40 schrieb Clay Ferguson: > > > > > > > > > > > > I'm not *that* much of an expert, but it kind of works by > > > > > > bubbling up > > > > > > > towards the root I believe. So if you query for ACL on a > > > > > > > node and it > > > > > > > finds > > > > > > > none, that is fine. It just means that node is effectively > > > > > > > controlled > > > by > > > > > > > an > > > > > > > ancestor. Once you start adding AC L privs the that root > > > > > > > starts > > > applying > > > > > > > those there and all beneath it on the tree recursively. By > > > > > > > default > > > > > > > 'admin' > > > > > > > user has full privileges and everyone else has none. The > > > > > > > session that > > > > > > > creates a node i think by default has all privs on that > > > > > > > node, but i'd > > > > > > > have > > > > > > > to check my code...I might be adding privs when creating. > > > > > > > Look at my > > > > > > > "controller" class, and that is the top level, and a lot of > > > > > > > stuff like > > > > > > > creating new nodes, moving nodes, adding ACLs etc can be > > > > > > > sussed out by > > > > > > > just > > > > > > > looking at my code and not even running it. It's not too > > > > > > > complicated. > > > > > > > Does > > > > > > > that answer the question? > > > > > > > > > > > > > > Best regards, > > > > > > > Clay Ferguson > > > > > > > [email protected] > > > > > > > > > > > > > > > > > > > > > On Mon, Aug 24, 2015 at 2:53 PM, Atif Manzoor < > > > > > > > [email protected] > > > > > > > > > > > wrote: > > > > > > > > > > > > > > Hi Clay > > > > > > > > > > > > > > > Thanks a lot for your response. I have been through your > > > > > > > > code and > > > have > > > > > > > > found that you have also been using > > > > > > > > getApplicablePolicies(path) and > > > > > > > > getPolicies(path) function to get AccessControlList (ACL) > > > > > > > > object, > > > > > > > > however > > > > > > > > both of these function have not been returning any ACL > > > > > > > > policies for > > > me. > > > > > > > > In > > > > > > > > words my node does not contain any modifiable ACL. Can > > > > > > > > you tell me > > > why > > > > > > > > is > > > > > > > > that. What will I have to do, so that the node should > > > > > > > > also have > > > > > > > > modifiable > > > > > > > > ACL. > > > > > > > > > > > > > > > > Kind regards, > > > > > > > > Atif > > > > > > > > > > > > > > > > On Mon, Aug 24, 2015 at 7:01 PM, Clay Ferguson < > > > > > > > > [email protected]> > > > > > > > > wrote: > > > > > > > > > > > > > > > > Hello Atif, > > > > > > > > > > > > > > > > > You should check out my open source project: > > > > > > > > > https://github.com/Clay-Ferguson/meta64 > > > > > > > > > > > > > > > > > > Download the zip and search for the words 'privilege' > > > > > > > > > and/or > > > > > > > > > > > > > > > > > > AccessControl, > > > > > > > > > > > > > > > > etc. > > > > > > > > > > > > > > > > > > The AclService.java class has ability to do basic > > > > > > > > > listing of > > > > > > > > > privileges > > > > > > > > > > > > > > > > > > for > > > > > > > > > > > > > > > > a node, and adding or removing privileges from a node, > > > > > > > > and might help > > > > > > > > > you > > > > > > > > > some. Good luck. > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > > Clay Ferguson > > > > > > > > > [email protected] > > > > > > > > > > > > > > > > > > > > > > > > > > > On Mon, Aug 24, 2015 at 12:07 PM, Atif Manzoor < > > > > > > > > > [email protected]> > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > I am new to Jackrabbit and after going through the > > > > > > > > > first hops and > > > > > > > > > little > > > > > > > > > bit of documentation, I was trying to configure Access > > > > > > > > > Control for > > > the > > > > > > > > > > > > > > > > > > > repository nodes. I was extending ThirdHop tutorial > > > > > > > > > > for that > > > purpose > > > > > > > > > > > > > > > > > > > > and > > > > > > > > > was following access control wiki > > > > > > > > > > > > > > > > > > > http://wiki.apache.org/jackrabbit/AccessControl and > > > > > > > > > > had the > > > > > > > > > > following > > > > > > > > > > code. > > > > > > > > > > > > > > > > > > > > Session session = repository.login(new > > > SimpleCredentials("username", > > > > > > > > > > "password" > > > > > > > > > > .toCharArray())); > > > > > > > > > > Node node = session.getRootNode(); > > > > > > > > > > String path = node.getPath(); > > > > > > > > > > AccessControlManager acm = > > > > > > > > > > session.getAccessControlManager(); > > > > > > > > > > > > > > > > > > > > Privilege[] privileges = new Privilege[] { acm > > > > > > > > > > .privilegeFromName(Privilege.JCR_ALL) }; > > > > > > > > > > AccessControlList acl; > > > > > > > > > > try { > > > > > > > > > > acl = (AccessControlList) > > > > > > > > > > acm.getApplicablePolicies(path) > > > > > > > > > > .nextAccessControlPolicy(); > > > > > > > > > > } catch (NoSuchElementException e) { > > > > > > > > > > acl = (AccessControlList) acm.getPolicies(path)[0]; > > > > > > > > > > } > > > > > > > > > > for (AccessControlEntry e : > > > > > > > > > > acl.getAccessControlEntries()) { > > > > > > > > > > acl.removeAccessControlEntry(e); > > > > > > > > > > } > > > > > > > > > > acl.addAccessControlEntry(EveryonePrincipal.getInstan > > > > > > > > > > ce(), > > > > > > > > > > privileges); > > > > > > > > > > acm.setPolicy(path, acl); > > > > > > > > > > session.save(); > > > > > > > > > > > > > > > > > > > > My problem is that I could not get AccessControlList > > > > > > > > > > with this > > > code. > > > > > > > > > > > > > > > > > > > > Both > > > > > > > > > functions (getApplicablePolicies and getAllPolicies) > > > > > > > > > don't have any > > > > > > > > > > > > > > > > > > > AccessControlList attached with them. Can you tell me > > > > > > > > > > where I went > > > > > > > > > > > > > > > > > > > > wrong. I > > > > > > > > > > > > > > > > > > have been using the default security configuration. > > > > > > > > > > > > > > > > > > > > Thanks > > > > > > > > > > Atif > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
