Posted to users@jackrabbit.apache.org by Kanchan Mourya <Ka...@symphonysv.com> on 2012/05/11 12:39:00 UTC
assigning all access for everyone from a principal ACL based provider
Hi,
I am trying to use a principal-based ACL to assign all access to a user named user2. Following is my code.
The code runs successfully, but when I log in as User2 and try to add a child node under "adminuser/test1", I get an exception saying:
    javax.jcr.AccessDeniedException: /adminuser/test1/test2: not allowed to add or modify item
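    import java.security.Principal;
    import java.util.HashMap;
    import java.util.Map;
    import javax.jcr.Node;
    import javax.jcr.PropertyType;
    import javax.jcr.Repository;
    import javax.jcr.Session;
    import javax.jcr.SimpleCredentials;
    import javax.jcr.Value;
    import javax.jcr.ValueFactory;
    import javax.jcr.security.AccessControlEntry;
    import javax.jcr.security.Privilege;
    import org.apache.jackrabbit.api.JackrabbitSession;
    import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
    import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
    import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
    import org.apache.jackrabbit.api.security.user.User;

    // Body of a method; createJCRRepository is not shown in the post.
    Session session = null;
    try {
        Repository repository = createJCRRepository.createRepository();
        session = repository.login(new SimpleCredentials("admin", "".toCharArray()));
        String nodepath = "adminuser/test1";
        JackrabbitSession js = (JackrabbitSession) session;
        // look up the user and its principal
        User user = ((User) js.getUserManager().getAuthorizable("user2"));
        Principal principal = user.getPrincipal();
        System.out.println(user.getPrincipal());
        Node n2 = session.getNode("/" + nodepath);
        JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) session.getAccessControlManager();
        // policies bound to the principal
        // (alternative: acm.getApplicablePolicies(user.getPrincipal()))
        JackrabbitAccessControlPolicy[] ps = acm.getPolicies(user.getPrincipal());
        System.out.println(" policy list it=== " + ps.length);
        JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];
        // list entries
        AccessControlEntry[] entries = list.getAccessControlEntries();
        if (entries.length > 0) {
            System.out.println(" removing previous entries......");
            AccessControlEntry entry = entries[0];
            // remove entry
            list.removeAccessControlEntry(entry);
        }
        // add new entry
        Privilege[] privileges = new Privilege[] { acm.privilegeFromName(Privilege.JCR_ALL) };
        Map<String, Value> restrictions = new HashMap<String, Value>();
        ValueFactory vf = session.getValueFactory();
        restrictions.put("rep:nodePath", vf.createValue(nodepath, PropertyType.PATH));
        restrictions.put("rep:glob", vf.createValue("*"));
        list.addEntry(principal, privileges, true /* allow or deny */, restrictions);
        // reorder entries
        //list.orderBefore(entry, entry2);
        // finally set policy again & save
        acm.setPolicy(list.getPath(), list);
        System.out.println("access provided at ===== " + nodepath);
        session.save();
    } catch (Exception ex) {
        ex.printStackTrace();
    } finally {
        // login may have failed, leaving session null
        if (session != null) {
            session.logout();
        }
    }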
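A check that can be run after the code in the post, as an added example that is not part of the original message or Jackrabbit's own code: from an admin session it prints the entries and restrictions actually stored for the principal, then it asks the repository from the user's own session whether a node may be added. The class name `AclCheck`, its method names and the credentials passed in are assumptions; the Jackrabbit API and JCR 2.0 jars are assumed to be on the classpath.

```java
import java.security.Principal;
import javax.jcr.*;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.user.Authorizable;

// Added diagnostic (hypothetical class): stored entries vs. effective permissions.
public class AclCheck {
    // Admin session: print each entry of the principal's policies with its restrictions.
    static void dumpPrincipalAcl(Session admin, String userId) throws RepositoryException {
        Authorizable a = ((JackrabbitSession) admin).getUserManager().getAuthorizable(userId);
        if (a == null) throw new IllegalArgumentException("no such authorizable: " + userId);
        Principal p = a.getPrincipal();
        JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) admin.getAccessControlManager();
        for (JackrabbitAccessControlPolicy policy : acm.getPolicies(p)) {
            if (!(policy instanceof JackrabbitAccessControlList)) continue;
            for (AccessControlEntry e : ((JackrabbitAccessControlList) policy).getAccessControlEntries()) {
                JackrabbitAccessControlEntry je = (JackrabbitAccessControlEntry) e;
                StringBuilder sb = new StringBuilder(je.isAllow() ? "allow" : "deny");
                for (Privilege priv : je.getPrivileges()) sb.append(' ').append(priv.getName());
                for (String name : je.getRestrictionNames()) {
                    sb.append(' ').append(name).append('=').append(je.getRestriction(name).getString());
                }
                System.out.println(sb);
            }
        }
    }

    // User session: true if a node may be added at childPath (the path need not exist yet).
    static boolean canAddNode(Repository repo, Credentials creds, String parentPath, String childPath) throws RepositoryException {
        Session s = repo.login(creds);
        try {
            try {
                for (Privilege priv : s.getAccessControlManager().getPrivileges(parentPath)) System.out.println("effective on " + parentPath + ": " + priv.getName());
            } catch (PathNotFoundException e) {
                // the parent is missing or not readable by this user
                System.out.println(parentPath + " is not visible to this session");
            }
            return s.hasPermission(childPath, Session.ACTION_ADD_NODE);
        } finally {
            s.logout();
        }
    }
}
```

Comparing the `rep:nodePath` and `rep:glob` values printed by `dumpPrincipalAcl` with the absolute path passed to `canAddNode` shows whether the stored entry covers the path the user is writing to.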