What exactly did you do to make it work? K Atif Manzoor <[email protected]> schrieb:
>Hi Clay and Robert, it turned out that I was not properly configuring my >repository, so it does not have any ACL attached to it. It have been >working fine now. > >Thanks for your suggestions. > >Kind regards, >Atif > >On Tue, Aug 25, 2015 at 4:15 PM, Clay Ferguson <[email protected]> wrote: > >> I'm experimenting with meta64.com discussion capability. Who wants to >> discuss this stuff on there, and see if the meta64 works well as a >> discussion engine? I'm trying to make Social Media a federated free >> commodity, rather than monopolizedy by Diqus, Facebook, etc. Join me... >> >> http://meta64.com?id=/wclayf/public/oak-jackrabbit-discussions >> >> Best regards, >> Clay Ferguson >> [email protected] >> >> >> On Tue, Aug 25, 2015 at 9:51 AM, Robert Munteanu <[email protected]> >> wrote: >> >> > Hi, >> > >> > On Tue, 2015-08-25 at 09:44 -0500, Clay Ferguson wrote: >> > > Atif, just beware that the "addChildren" privilege doesn't work as >> > > one >> > > would expect. If you want a principle to be able to add children to a >> > > node >> > > you must add ALL of the following privileges: >> > > >> > > "read", "write", "addChildren", "nodeTypeManagement" >> > >> > I think you can simply use rep:write ( not jcr:write ) as a shorthand. >> > >> > > >> > > That costed me many hours of headache, and at least one other person >> > > also. >> > > My personal belief this functionality requirement was an accident >> > > rather >> > > than by design and no one who is an Adobe customer has complained so >> > > they >> > > are leaving it as is. >> > >> > As far as I can tell the behaviour is according to the Access Control >> > Management chapter of the JCR 2.0 specification [1]. If there's a gap >> > between the spec and the implementation it's definitely worth a bug >> > report. >> > >> > Cheers, >> > >> > Robert >> > >> > [1]: http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html >> > #16.2.3%20Standard%20Privileges >> > >> > > >> > > >> > > Best regards, >> > > Clay Ferguson >> > > [email protected] >> > > >> > > >> > > On Tue, Aug 25, 2015 at 5:05 AM, Atif Manzoor <[email protected] >> > > > >> > > wrote: >> > > >> > > > Hi Karsten >> > > > >> > > > No actually I was just trying out the simplest case to control >> > > > access to a >> > > > particular code. At later stage I will allow or restrict read / >> > > > write >> > > > access to a node for different users. >> > > > >> > > > Kind regards, >> > > > Atif >> > > > >> > > > On Tue, Aug 25, 2015 at 10:53 AM, Karsten Priegnitz < >> > > > [email protected]> >> > > > wrote: >> > > > >> > > > > Hi Atif >> > > > > >> > > > > reading your code it seems to me you just want to add JCR_ALL >> > > > > privileges >> > > > > to some user. This is what allow() does. No need to do something >> > > > > else. >> > > > And: >> > > > > "admin" normally already has these privileges. >> > > > > >> > > > > I'd try this (not tested) >> > > > > >> > > > > AccessControlUtils.allow(session.getRootNode(), >> > > > > EveryonePrincipal.getInstance() >> > > > > .getName(), Privilege.JCR_ALL); >> > > > > >> > > > > >> > > > > What do you want to accomplish? Make everyone admin? >> > > > > >> > > > > >> > > > > Karsten R. Priegnitz >> > > > > >> > > > > programmierer | web-entwickler | linux administrator | digitaler >> > > > > nomade >> > > > > business: kontakt <http://petoria.de/portfolio/contact-about/> | >> > > > > portfolio <http://petoria.de/portfolio/> >> > > > > ----------------------------------------------------------------- >> > > > > ------- >> > > > > >> > > > > Am 25.08.2015 um 10:54 schrieb Atif Manzoor: >> > > > > >> > > > > > Hi Karsten >> > > > > > >> > > > > > Thanks a lot for your help. I tried AccessControlUtils.allow(), >> > > > > > however >> > > > > > AccessControlUtils.getACL() is still returning NULL. I think I >> > > > > > may have >> > > > > > also have to do something else to enable access control that >> > > > > > particular >> > > > > > node. Following is my code complete code that tried >> > > > > > AccessControlUtils. >> > > > I >> > > > > > am still getting Null for acl. >> > > > > > >> > > > > > Repository repository = new TransientRepository(); >> > > > > > Session session = repository.login(new >> > > > > > SimpleCredentials("admin", >> > > > > > "password".toCharArray())); >> > > > > > Node root = session.getRootNode(); >> > > > > > root.addNode("leftChild"); >> > > > > > root.addNode("rightChild"); >> > > > > > >> > > > > > session.save(); >> > > > > > String path = session.getRootNode().getPath(); >> > > > > > System.out.println(path); >> > > > > > AccessControlManager acm = session.getAccessControlManager(); >> > > > > > AccessControlUtils.allow(session.getRootNode(), "admin", >> > > > > > Privilege.JCR_ALL); >> > > > > > AccessControlList acl = >> > > > > > AccessControlUtils.getAccessControlList(session, >> > > > > > path); >> > > > > > for (AccessControlEntry e : acl.getAccessControlEntries()) { >> > > > > > acl.removeAccessControlEntry(e); >> > > > > > } >> > > > > > acl.addAccessControlEntry(EveryonePrincipal.getInstance(), new >> > > > Privilege[] >> > > > > > { acm >> > > > > > .privilegeFromName(Privilege.JCR_ALL) }); >> > > > > > acm.setPolicy(path, acl); >> > > > > > session.save(); >> > > > > > >> > > > > > Regards, >> > > > > > Atif >> > > > > > >> > > > > > On Tue, Aug 25, 2015 at 7:46 AM, Karsten Priegnitz < >> > > > > > [email protected]> >> > > > > > wrote: >> > > > > > >> > > > > > Hi Atif, >> > > > > > > >> > > > > > > I had the same problem as you and then I found >> > > > > > > >> > > > > > > >> > > > org.apache.jackrabbit.commons.jackrabbit.authorization.AccessContro >> > > > lUtils: >> > > > > > > >> > > > > > > and that's all: >> > > > > > > AccessControlUtils.allow(session.getRootNode(), >> > > > username, >> > > > > > > Privilege.JCR_ALL); >> > > > > > > >> > > > > > > Best >> > > > > > > Karsten >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > Karsten R. Priegnitz >> > > > > > > >> > > > > > > programmierer | web-entwickler | linux administrator | >> > > > > > > digitaler nomade >> > > > > > > business: kontakt <http://petoria.de/portfolio/contact-about/ >> > > > > > > > | >> > > > > > > portfolio <http://petoria.de/portfolio/> >> > > > > > > >> > > > ------------------------------------------------------------------- >> > > > ----- >> > > > > > > >> > > > > > > >> > > > > > > Am 24.08.2015 um 22:40 schrieb Clay Ferguson: >> > > > > > > >> > > > > > > I'm not *that* much of an expert, but it kind of works by >> > > > > > > bubbling up >> > > > > > > > towards the root I believe. So if you query for ACL on a >> > > > > > > > node and it >> > > > > > > > finds >> > > > > > > > none, that is fine. It just means that node is effectively >> > > > > > > > controlled >> > > > by >> > > > > > > > an >> > > > > > > > ancestor. Once you start adding AC L privs the that root >> > > > > > > > starts >> > > > applying >> > > > > > > > those there and all beneath it on the tree recursively. By >> > > > > > > > default >> > > > > > > > 'admin' >> > > > > > > > user has full privileges and everyone else has none. The >> > > > > > > > session that >> > > > > > > > creates a node i think by default has all privs on that >> > > > > > > > node, but i'd >> > > > > > > > have >> > > > > > > > to check my code...I might be adding privs when creating. >> > > > > > > > Look at my >> > > > > > > > "controller" class, and that is the top level, and a lot of >> > > > > > > > stuff like >> > > > > > > > creating new nodes, moving nodes, adding ACLs etc can be >> > > > > > > > sussed out by >> > > > > > > > just >> > > > > > > > looking at my code and not even running it. It's not too >> > > > > > > > complicated. >> > > > > > > > Does >> > > > > > > > that answer the question? >> > > > > > > > >> > > > > > > > Best regards, >> > > > > > > > Clay Ferguson >> > > > > > > > [email protected] >> > > > > > > > >> > > > > > > > >> > > > > > > > On Mon, Aug 24, 2015 at 2:53 PM, Atif Manzoor < >> > > > > > > > [email protected] >> > > > > >> > > > > > > > wrote: >> > > > > > > > >> > > > > > > > Hi Clay >> > > > > > > > >> > > > > > > > > Thanks a lot for your response. I have been through your >> > > > > > > > > code and >> > > > have >> > > > > > > > > found that you have also been using >> > > > > > > > > getApplicablePolicies(path) and >> > > > > > > > > getPolicies(path) function to get AccessControlList (ACL) >> > > > > > > > > object, >> > > > > > > > > however >> > > > > > > > > both of these function have not been returning any ACL >> > > > > > > > > policies for >> > > > me. >> > > > > > > > > In >> > > > > > > > > words my node does not contain any modifiable ACL. Can >> > > > > > > > > you tell me >> > > > why >> > > > > > > > > is >> > > > > > > > > that. What will I have to do, so that the node should >> > > > > > > > > also have >> > > > > > > > > modifiable >> > > > > > > > > ACL. >> > > > > > > > > >> > > > > > > > > Kind regards, >> > > > > > > > > Atif >> > > > > > > > > >> > > > > > > > > On Mon, Aug 24, 2015 at 7:01 PM, Clay Ferguson < >> > > > > > > > > [email protected]> >> > > > > > > > > wrote: >> > > > > > > > > >> > > > > > > > > Hello Atif, >> > > > > > > > > >> > > > > > > > > > You should check out my open source project: >> > > > > > > > > > https://github.com/Clay-Ferguson/meta64 >> > > > > > > > > > >> > > > > > > > > > Download the zip and search for the words 'privilege' >> > > > > > > > > > and/or >> > > > > > > > > > >> > > > > > > > > > AccessControl, >> > > > > > > > > >> > > > > > > > > etc. >> > > > > > > > > > >> > > > > > > > > > The AclService.java class has ability to do basic >> > > > > > > > > > listing of >> > > > > > > > > > privileges >> > > > > > > > > > >> > > > > > > > > > for >> > > > > > > > > >> > > > > > > > > a node, and adding or removing privileges from a node, >> > > > > > > > > and might help >> > > > > > > > > > you >> > > > > > > > > > some. Good luck. >> > > > > > > > > > >> > > > > > > > > > Best regards, >> > > > > > > > > > Clay Ferguson >> > > > > > > > > > [email protected] >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > On Mon, Aug 24, 2015 at 12:07 PM, Atif Manzoor < >> > > > > > > > > > [email protected]> >> > > > > > > > > > wrote: >> > > > > > > > > > >> > > > > > > > > > I am new to Jackrabbit and after going through the >> > > > > > > > > > first hops and >> > > > > > > > > > little >> > > > > > > > > > bit of documentation, I was trying to configure Access >> > > > > > > > > > Control for >> > > > the >> > > > > > > > > > >> > > > > > > > > > > repository nodes. I was extending ThirdHop tutorial >> > > > > > > > > > > for that >> > > > purpose >> > > > > > > > > > > >> > > > > > > > > > > and >> > > > > > > > > > was following access control wiki >> > > > > > > > > > >> > > > > > > > > > > http://wiki.apache.org/jackrabbit/AccessControl and >> > > > > > > > > > > had the >> > > > > > > > > > > following >> > > > > > > > > > > code. >> > > > > > > > > > > >> > > > > > > > > > > Session session = repository.login(new >> > > > SimpleCredentials("username", >> > > > > > > > > > > "password" >> > > > > > > > > > > .toCharArray())); >> > > > > > > > > > > Node node = session.getRootNode(); >> > > > > > > > > > > String path = node.getPath(); >> > > > > > > > > > > AccessControlManager acm = >> > > > > > > > > > > session.getAccessControlManager(); >> > > > > > > > > > > >> > > > > > > > > > > Privilege[] privileges = new Privilege[] { acm >> > > > > > > > > > > .privilegeFromName(Privilege.JCR_ALL) }; >> > > > > > > > > > > AccessControlList acl; >> > > > > > > > > > > try { >> > > > > > > > > > > acl = (AccessControlList) >> > > > > > > > > > > acm.getApplicablePolicies(path) >> > > > > > > > > > > .nextAccessControlPolicy(); >> > > > > > > > > > > } catch (NoSuchElementException e) { >> > > > > > > > > > > acl = (AccessControlList) acm.getPolicies(path)[0]; >> > > > > > > > > > > } >> > > > > > > > > > > for (AccessControlEntry e : >> > > > > > > > > > > acl.getAccessControlEntries()) { >> > > > > > > > > > > acl.removeAccessControlEntry(e); >> > > > > > > > > > > } >> > > > > > > > > > > acl.addAccessControlEntry(EveryonePrincipal.getInstan >> > > > > > > > > > > ce(), >> > > > > > > > > > > privileges); >> > > > > > > > > > > acm.setPolicy(path, acl); >> > > > > > > > > > > session.save(); >> > > > > > > > > > > >> > > > > > > > > > > My problem is that I could not get AccessControlList >> > > > > > > > > > > with this >> > > > code. >> > > > > > > > > > > >> > > > > > > > > > > Both >> > > > > > > > > > functions (getApplicablePolicies and getAllPolicies) >> > > > > > > > > > don't have any >> > > > > > > > > > >> > > > > > > > > > > AccessControlList attached with them. Can you tell me >> > > > > > > > > > > where I went >> > > > > > > > > > > >> > > > > > > > > > > wrong. I >> > > > > > > > > > >> > > > > > > > > > have been using the default security configuration. >> > > > > > > > > > > >> > > > > > > > > > > Thanks >> > > > > > > > > > > Atif >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > >> > > > >> > >> > >>
