You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Malzer Ferdinand OSP sIT <Fe...@s-itsolutions.at> on 2012/04/27 11:25:51 UTC
using principal-based ACLs
hello,
I try to use the principal-based ACLs mechanism in JackRabbit documented in http://wiki.apache.org/jackrabbit/AccessControl.
Do somebody know how I could create a JackrabbitAccessControlList when JackrabbitAccessControlManager.getPolicies(principal) returns an empty array for the given principal?
Thx in advance!
ferry malzer
AW: using principal-based ACLs
Posted by Malzer Ferdinand OSP sIT <Fe...@s-itsolutions.at>.
Hello,
You are right!
I used ' getPolicies' instead of ' getApplicablePolicies'.
Thx for your advice!
:-) ferry malzer
-----Ursprüngliche Nachricht-----
Von: Angela Schreiber [mailto:anchela@adobe.com]
Gesendet: Freitag, 27. April 2012 11:52
An: users@jackrabbit.apache.org
Betreff: Re: using principal-based ACLs
hi
> I try to use the principal-based ACLs mechanism in JackRabbit documented in http://wiki.apache.org/jackrabbit/AccessControl.
> Do somebody know how I could create a JackrabbitAccessControlList when JackrabbitAccessControlManager.getPolicies(principal)
> returns an empty array for the given principal?
did you change the workspace configuration to use the principal-based
access control mechanism? this is not enabled by default.
second: access control editing in JCR is defined to work as follows:
- getPolicies returns the policies that have been set before... they
may or may not be modifiable. if they are modifiable, modifications
can be applied by calling setPolicy on the manager. they become
effective upon session.save.
- getApplicablePolicies returns 'new' policies that can be set to the
manager using setPolicy. after save they are effective.
- setPolicies: used to apply a policy... if the policy was modifiable
changes must happen before calling setPolicy... or use
getPolicy-modify-setPolicy to change an existing policy.
the changes are only effective upon calling session.save()
- removePolicy: removes the policy.
the changes are only effective upon calling session.save()
so maybe you didn't call be applicablepolicies before? could that be?
hope that helps
angela
>
> Thx in advance!
> ferry malzer
>
>
Re: using principal-based ACLs
Posted by Angela Schreiber <an...@adobe.com>.
hi
> I try to use the principal-based ACLs mechanism in JackRabbit documented in http://wiki.apache.org/jackrabbit/AccessControl.
> Do somebody know how I could create a JackrabbitAccessControlList when JackrabbitAccessControlManager.getPolicies(principal)
> returns an empty array for the given principal?
did you change the workspace configuration to use the principal-based
access control mechanism? this is not enabled by default.
second: access control editing in JCR is defined to work as follows:
- getPolicies returns the policies that have been set before... they
may or may not be modifiable. if they are modifiable, modifications
can be applied by calling setPolicy on the manager. they become
effective upon session.save.
- getApplicablePolicies returns 'new' policies that can be set to the
manager using setPolicy. after save they are effective.
- setPolicies: used to apply a policy... if the policy was modifiable
changes must happen before calling setPolicy... or use
getPolicy-modify-setPolicy to change an existing policy.
the changes are only effective upon calling session.save()
- removePolicy: removes the policy.
the changes are only effective upon calling session.save()
so maybe you didn't call be applicablepolicies before? could that be?
hope that helps
angela
>
> Thx in advance!
> ferry malzer
>
>