You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Kamil (JIRA)" <ji...@apache.org> on 2015/11/03 11:39:27 UTC
[jira] [Comment Edited] (JCR-3927) UserManager doesn't clean
removed user nodes
[ https://issues.apache.org/jira/browse/JCR-3927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14987043#comment-14987043 ]
Kamil edited comment on JCR-3927 at 11/3/15 10:39 AM:
------------------------------------------------------
Hi Angela,
please notice, that I do both: removing the policy AND the user
{noformat}
acManager.removePolicy(jacl.getPath(), jacl);
authorizable.remove();
{noformat}
By:
{quote}in a productive environment user accounts should rather be disabled{quote}
you mean that users should be disabled rather then deleted?
Hou can I disable user in JCR?
was (Author: kpasko):
Hi Angela,
please notice, that I do both: removing the policy AND the user
{noformat}
acManager.removePolicy(jacl.getPath(), jacl);
authorizable.remove();
{noformat}
What do you mean by:
{quote}in a productive environment user accounts should rather be disabled{quote}
I musn't use users in JCR?!
{quote}reusing the same id for a different subject{quote}
wchich Id? each user has different Id, hasn't it?
> UserManager doesn't clean removed user nodes
> --------------------------------------------
>
> Key: JCR-3927
> URL: https://issues.apache.org/jira/browse/JCR-3927
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Reporter: Kamil
>
> When I create JCR User and assign some privileges to him:
> {noformat}
> Session session = repository.login(new SimpleCredentials("admin", "admin".toCharArray()), "workspace");
> UserManager userManager = ((JackrabbitSession)session).getUserManager();
> Principal principal = userManager.createUser("test", "test").getPrincipal();
> JackrabbitAccessControlList jacl = null;
> JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager) session.getAccessControlManager();
> JackrabbitAccessControlPolicy[] policies = acManager.getPolicies(principal);
> if (policies.length == 0) {
> // No policies yet. Create one from the applicablePolicies
> policies = acManager.getApplicablePolicies(principal);
> }
> jacl = (JackrabbitAccessControlList) policies[0];
> Privilege[] privileges = new Privilege[]{acManager.privilegeFromName(Privilege.JCR_ALL)};
> Map<String, Value> restrictions = new HashMap<String, Value>();
> ValueFactory vf = session.getValueFactory();
> restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH)); //and some other restrictions
> jacl.addEntry(principal, privileges, true, restrictions);
> acManager.setPolicy(jacl.getPath(), jacl);
> session.save();
> {noformat}
> and then I print out all the nodes:
> {noformat}
> QueryManager manager = session.getWorkspace().getQueryManager();
> Query query = manager.createQuery("SELECT * FROM [nt:base] AS n", Query.JCR_SQL2);
> NodeIterator res = query.execute().getNodes();
> while (res.hasNext()) {
> Node n = res.nextNode();
> System.out.println(String.format("%s: %s", n.getIdentifier(), n));
> }
> {noformat}
> Then I receive this:
> {noformat}
> cafebabe-cafe-babe-cafe-babecafebabe: node /
> e482b4ff-8faa-42e1-a534-25373d5abfbc: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
> d0f7f4b5-f61f-457f-9b8f-0683bb937c5e: node /rep:accesscontrol
> b9446997-df48-4552-8ef9-cb4bdffcee53: node /rep:accesscontrol/rep:security
> 2a90eeb3-60d0-4f92-9175-d141c4c337e0: node /rep:accesscontrol/rep:security/rep:authorizables
> f900633b-09af-44b6-bb1f-151e283df245: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy
> 88fcb55b-efb2-40f3-90c1-976ba2a0c9fe: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry2
> 464d7a4b-1268-49cf-a4c8-59cb9d6d800c: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry0
> 84b93de7-d727-43d9-b49a-0bff86fbfef6: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry1
> 9d3072ef-cd6c-4cf4-b726-4527fb0ab5b4: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry
> 28bd07a8-ad99-4e06-a968-c863232a22a0: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users
> 4e4311f6-f984-4605-88ae-c6ad5e6475cf: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
> 48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
> deadbeef-cafe-babe-cafe-babecafebabe: node /jcr:system
> deadbeef-face-babe-cafe-babecafebabe: node /jcr:system/jcr:versionStorage
> deadbeef-face-babe-ac71-babecafebabe: node /jcr:system/jcr:activities
> {noformat}
> But when I delete the user:
> {noformat}
> JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager) session.getAccessControlManager();
> JackrabbitAccessControlList jacl = //previously obtained JACL
> acManager.removePolicy(jacl.getPath(), jacl);
> authorizable.remove();
> session.save();
> {noformat}
> and print out all nodes again, I receive this output:
> {noformat}
> cafebabe-cafe-babe-cafe-babecafebabe: node /
> e482b4ff-8faa-42e1-a534-25373d5abfbc: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
> d0f7f4b5-f61f-457f-9b8f-0683bb937c5e: node /rep:accesscontrol
> b9446997-df48-4552-8ef9-cb4bdffcee53: node /rep:accesscontrol/rep:security
> 2a90eeb3-60d0-4f92-9175-d141c4c337e0: node /rep:accesscontrol/rep:security/rep:authorizables
> 28bd07a8-ad99-4e06-a968-c863232a22a0: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users
> 4e4311f6-f984-4605-88ae-c6ad5e6475cf: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
> 48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
> deadbeef-cafe-babe-cafe-babecafebabe: node /jcr:system
> deadbeef-face-babe-cafe-babecafebabe: node /jcr:system/jcr:versionStorage
> deadbeef-face-babe-ac71-babecafebabe: node /jcr:system/jcr:activities
> {noformat}
> so these nodes:
> {noformat}
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
> 4e4311f6-f984-4605-88ae-c6ad5e6475cf: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
> 48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
> {noformat}
> are still there instead of being removed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)