You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Kanchan Mourya <Ka...@symphonysv.com> on 2012/05/11 12:39:00 UTC

assigning all access for everyone from a principal ACL based provider

Hi,

I am trying to use principal base ACL to assign all accesses to a user names user2. Following is my code.
The code is running successfully. But when I am logging in as User2 and trying to add a child node under "adminuser/test1" I am getting exception saying

javax.jcr.AccessDeniedException: /adminuser/test1/test2: not allowed to add or modify item






 try{
                Repository repository = createJCRRepository.createRepository();
                session = repository.login(new SimpleCredentials("admin","".toCharArray()));
                String nodepath = "adminuser/test1";

                JackrabbitSession js = (JackrabbitSession) session;
                User user = ((User) js.getUserManager().getAuthorizable("user2"));
                Principal principal = user.getPrincipal();
                System.out.println(user.getPrincipal());

                Node n2 = session.getNode("/"+nodepath);
                JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager)session.getAccessControlManager();
                JackrabbitAccessControlPolicy[] ps  = acm.getPolicies(user.getPrincipal());//acm.getApplicablePolicies(user.getPrincipal());
                System.out.println("  policy list it=== "+ps.length);

                JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];

                // list entries
                AccessControlEntry[] entries = list.getAccessControlEntries();

                if(entries.length>0){
                        System.out.println(" removing previous entries......");
                        AccessControlEntry entry = entries[0];
                        // remove entry
                        list.removeAccessControlEntry(entry);
                }
                // add new entry
                                        Privilege[] privileges = new Privilege[] { acm.privilegeFromName(Privilege.JCR_ALL)};
                                        Map<String, Value> restrictions = new HashMap<String, Value>();
                                        ValueFactory vf = session.getValueFactory();
                                        restrictions.put("rep:nodePath", vf.createValue(nodepath, PropertyType.PATH));
                                        restrictions.put("rep:glob", vf.createValue("*"));
                                        list.addEntry(principal, privileges, true /* allow or deny */, restrictions);

                                        // reorder entries
                                        //list.orderBefore(entry, entry2);

                                        // finally set policy again & save
                                        acm.setPolicy(list.getPath(), list);


                System.out.println("access provided at ===== "+nodepath);
                session.save();
                }catch(Exception ex){
                        ex.printStackTrace();
                }finally{
                        session.logout();
                }

NOTICE TO RECIPIENT: THIS E-MAIL (INCLUDING ANY ATTACHMENTS) IS MEANT FOR ONLY THE INTENDED RECIPIENT OF THE TRANSMISSION, MAY CONTAIN CONFIDENTIAL INFORMATION, AND IS PROTECTED BY LAW. IF YOU RECEIVED THIS E-MAIL IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER OF THE ERROR BY RETURN E-MAIL, DELETE THIS COMMUNICATION AND SHRED ANY ATTACHMENTS. UNAUTHORIZED REVIEW, USE, DISSEMINATION, DISTRIBUTION, COPYING OR TAKING OF ANY ACTION BASED ON THIS COMMUNICATION IS STRICTLY PROHIBITED.