Posted to dev@sling.apache.org by Eric Norman <er...@gmail.com> on 2009/09/01 02:57:03 UTC

Re: UserManager, Authorization and Authentication

Hi Francisco,

There is also a REST API for the accessmanager, but I don't believe the
bundle has been documented yet.  However, its usage is very similar to the
usermanager.

For example, to add an access control entry for your test user, the usage
would look something like this:

curl -FprincipalId=tests -Fprivilege@jcr:write=granted \
  http://admin:admin@localhost:8080/content/tests.modifyAce.html

Now, to break that down a bit:

   - the 'principalId' parameter specifies the id of the user to assign the
   privileges to.
   - One or more 'privilege@[privilege Name]=granted' parameters specify the
   names of the privileges to grant to the user. You may also deny privileges
   by using 'privilege@[privilege Name]=denied'.  See
   http://jackrabbit.apache.org/api/1.5/org/apache/jackrabbit/api/jsr283/security/Privilege.html
   for the Jackrabbit javadocs that describe the possible privilege names.
   - The '.modifyAce.html' suffix after the path of the node directs the
   request to the accessmanager handler registered inside sling.


Also, there are a few unit tests at [1] that demonstrate and test the usage.

[1] http://svn.apache.org/viewvc/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java?revision=785979


Regards,
-Eric

2009/8/31 Francisco Jesús González Mata <je...@gmail.com>

> Hello, first of all, sorry for my blunder..
>
> I'm trying to create a specific user different than 'admin' and
> 'anonymous', for example 'tests'. I know that from Jackrabbit 1.4.x, it
> comes with a new feature, user and group management. And in this link
> (http://sling.apache.org/site/managing-users-and-groups-jackrabbitusermanager.html)
> I can find info about the easy REST API developed for Sling team.
>
> Let me explain an example about what I want to do:
> 1. Create the user 'tests':
> curl -F:name=tests -Fpwd=tests -FpwdConfirm=tests http://localhost:8080/system/userManager/user.create.html
> 2. Admin user creates the 'tests' folder in content:
> curl -Ftitle=tests http://admin:admin@localhost:8080/content/*
> 3. I wish 'tests' user had permissions to CRUD operations in all nodes
> under its folder:
> curl -Ftitle=collection1 http://tests:tests@localhost:8080/content/tests/*
> curl -Ftitle=doc1 http://tests:tests@localhost:8080/content/tests/collection1/*
> curl -Fdescription=CommonsCollection http://tests:tests@localhost:8080/content/tests/collection1
> curl -F:operation=delete http://tests:tests@localhost:8080/content/tests/collection1
>
> Step 1 creates a user in JCR through userManager. So, in step 3
> SlingAuthenticator extracts credentials and logs in to JCR. As 'tests' user
> exists in JCR, a session is opened with this user. As you know, the problem
> comes now, because 'tests' user doesn't have write permissions in JCR. By
> default, only admin user has all permissions in JCR.
>
> How can I assign permissions to a user? Is there any API like userManager
> for this matter? Could anybody give me an example?
>
> As an alternative, I have read that AccessManager manages Authorization and
> LoginModule Authentication, and that by implementing my own accessmanager I
> could even use other authorizable mechanism like LDAP. Am I in the right
> way? I have tried to implement my own AccessManager in Jackrabbit-core 1.5,
> but I must be doing something wrong. Or should I wait for Jackrabbit 2.0 or
> for more documentation?
>
>
> I appreciate your effort and contribution.
> Sincerely, FJ Gonzalez.
>
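
The modifyAce request described in the reply above, as an added example that is not part of the original thread or Sling's own code: a shell helper that validates the principal, node path and each privilege=granted|denied pair before assembling the form fields, and sends them with the admin password prompted for by curl rather than embedded in the URL. The function names, the SLING_URL variable and the input checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: build and send the form fields for a .modifyAce.html request.
# Function names and SLING_URL are assumptions made for this example.
SLING_URL="${SLING_URL:-http://localhost:8080}"

# modify_ace_args NODE_PATH PRINCIPAL PRIV=granted|denied ...
# Prints one curl argument per line; returns 2 on invalid input.
modify_ace_args() {
    [ "$#" -ge 3 ] || { echo "usage: modify_ace_args PATH PRINCIPAL PRIV=STATE..." >&2; return 2; }
    node=$1 principal=$2
    shift 2
    case $node in
        /*) ;;
        *) echo "node path must be absolute: $node" >&2; return 2 ;;
    esac
    case $principal in
        ''|*[!A-Za-z0-9._-]*) echo "bad principal id: $principal" >&2; return 2 ;;
    esac
    out="-FprincipalId=$principal"
    for spec in "$@"; do
        priv=${spec%%=*} state=${spec#*=}
        case $priv in
            *[!A-Za-z:]*|*:*:*|:*|*:) echo "bad privilege name: $priv" >&2; return 2 ;;
            *:*) ;;
            *) echo "privilege needs a namespace prefix: $priv" >&2; return 2 ;;
        esac
        case $state in
            granted|denied) ;;
            *) echo "state must be granted or denied: $spec" >&2; return 2 ;;
        esac
        out="$out
-Fprivilege@$priv=$state"
    done
    printf '%s\n%s\n' "$out" "$SLING_URL$node.modifyAce.html"
}

# modify_ace ADMIN_USER NODE_PATH PRINCIPAL PRIV=STATE ...
# curl prompts for the password, so it stays out of the URL and the argument list.
modify_ace() {
    admin=$1; shift
    args=$(modify_ace_args "$@") || return
    old_ifs=$IFS; IFS='
'
    set -f; set -- $args; set +f; IFS=$old_ifs   # one argument per line
    curl --fail -u "$admin" "$@"
}
```

For the thread's case the call would be `modify_ace admin /content/tests tests jcr:write=granted`; running `modify_ace_args` alone shows the request without sending it.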