You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by yanshaozhiGmail <ya...@gmail.com> on 2009/01/08 16:54:34 UTC
Re: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?
HI:
thanks very much for telling me so much , I have another question ,
if I want to user the user manager in sling, Do I have to change the
sling code (sling repository: repository.xml replace the SimpleAccessManager
to DefultAccessManager and other interface.)
2009-01-08
yanshaozhiGmail
发件人: Rory Douglas
发送时间: 2009-01-08 23:41:11
收件人: sling-dev
抄送:
主题: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?
You need to do two things to get access to
UserManager/PrincipalManager. First, you should remove the
org.apache.sling.jcr.jackrabbit.api bundle. Then download the
Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
That will export the releveant JSR283 packages.
Then you should be able to do the following (in a JSP or anywhere you
have a Session):
UserManager userManager = null;
if(session instanceof PooledJackrabbitSession) {
userManager = ((PooledJackrabbitSession)session).getUserManager();
} else {
// use reflection since Jackrabbit.core package not exported
Method m = session.getClass().getMethod("getUserManager");
userManager = (UserManager)m.invoke(session);
}
This same pattern works for PrincipalManager which is exposed on the
JackrabbitSession. If you want the AccessControlManager (to set ACLs),
you'll need to use the reflection approach only for now. You don't need
to actually access the "security" workspace in order to create & manager
users (although there's no good way to list all users right now, so
accessing the workspace probably would give you that ability).
I've created a utility class that wraps up all this messy code - I'll
open an issue & submit the patch now.
Regards,
Rory
yanshaozhiGmail wrote:
> HI:
>
> As I know , now sling is support for jackrabbit 1.5 , it will
>
> more powerfull if sling can provide api for user manager .
>
> And is there any way to implement user manage with sling
>
> if I implement it myself ? how can I get ""security" workspace?
>
> It's seems that there isn't "security" workspace in sling's
>
> jackrabbit repository.
>
>
> 2009-01-08
>
>
>
> yanjie
>
>
Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp
api for user manager?
Posted by Rory Douglas <ro...@oracle.com>.
+1
If you don't set any ACLs, it appears to behave identically to the
Simple* setup.
Felix Meschberger wrote:
> Hmm, I wonder, whether we should not change the default configuration of
> the jackrabbit-server bundle to use the below setup instead of our
> current Simple non-secured setup.
>
> WDYT ?
>
> Regards
> Felix
>
> Rory Douglas schrieb:
>
>> Yes, I think you'll need (at a minimum) to setup the SecurityManager.
>> If you setup the DefaultAccessManager, you can use AccessControlManager
>> to set ACLs on nodes for authorization. I haven't tried mixing these
>> with an external JAAS LoginModule, but I think it would work.
>> Otherwise, configure that too.
>>
>> <Security appName="Jackrabbit">
>> <SecurityManager
>> class="org.apache.jackrabbit.core.DefaultSecurityManager"
>> workspaceName="security"></SecurityManager>
>>
>> <AccessManager
>> class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
>>
>>
>> <LoginModule
>> class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
>>
>> <param name="anonymousId" value="anonymous"/>
>> <param name="adminId" value="admin"/>
>> </LoginModule>
>> </Security>
>>
>> Regards,
>> Rory
>>
>> yanshaozhiGmail wrote:
>>
>>> HI:
>>>
>>> thanks very much for telling me so much , I have another question ,
>>> if I want to user the user manager in sling, Do I have to change the
>>> sling code (sling repository: repository.xml replace the
>>> SimpleAccessManager
>>> to DefultAccessManager and other interface.)
>>>
>>>
>>> 2009-01-08
>>>
>>>
>>> yanshaozhiGmail
>>>
>>>
>>> 发件人: Rory Douglas 发送时间: 2009-01-08 23:41:11 收件人:
>>> sling-dev 抄送: 主题: Re: Since sling is support ing for jackrabbit
>>> 1.5 why doesn't providehttp api for user manager?
>>> You need to do two things to get access to
>>> UserManager/PrincipalManager. First, you should remove the
>>> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
>>> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
>>> That will export the releveant JSR283 packages.
>>> Then you should be able to do the following (in a JSP or anywhere you
>>> have a Session):
>>> UserManager userManager = null;
>>> if(session instanceof PooledJackrabbitSession) {
>>> userManager = ((PooledJackrabbitSession)session).getUserManager();
>>> } else {
>>> // use reflection since Jackrabbit.core package not exported
>>> Method m = session.getClass().getMethod("getUserManager");
>>> userManager = (UserManager)m.invoke(session);
>>> }
>>> This same pattern works for PrincipalManager which is exposed on the
>>> JackrabbitSession. If you want the AccessControlManager (to set
>>> ACLs), you'll need to use the reflection approach only for now. You
>>> don't need to actually access the "security" workspace in order to
>>> create & manager users (although there's no good way to list all users
>>> right now, so accessing the workspace probably would give you that
>>> ability).
>>> I've created a utility class that wraps up all this messy code - I'll
>>> open an issue & submit the patch now.
>>> Regards,
>>> Rory
>>> yanshaozhiGmail wrote:
>>>
>>>
>>>> HI:
>>>>
>>>> As I know , now sling is support for jackrabbit 1.5 , it will
>>>> more powerfull if sling can provide api for user manager .
>>>>
>>>> And is there any way to implement user manage with sling
>>>> if I implement it myself ? how can I get ""security" workspace?
>>>>
>>>> It's seems that there isn't "security" workspace in sling's
>>>> jackrabbit repository.
>>>>
>>>>
>>>> 2009-01-08
>>>>
>>>>
>>>> yanjie
>>>>
>>>>
>
>
--
Rory Douglas | Senior Principal Consultant
Fax: +1-201-604-6428 | Mobile: +1-917-498-5344
Oracle North America Consulting
ORACLE United States | | San Diego, CA
"Please consider your environmental responsibility before printing this
e-mail"
Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp
api for user manager?
Posted by Pontus Amberg <po...@comhem.se>.
+1
/Pontus
Felix Meschberger wrote:
> Hmm, I wonder, whether we should not change the default configuration of
> the jackrabbit-server bundle to use the below setup instead of our
> current Simple non-secured setup.
>
> WDYT ?
>
> Regards
> Felix
>
> Rory Douglas schrieb:
>
>> Yes, I think you'll need (at a minimum) to setup the SecurityManager.
>> If you setup the DefaultAccessManager, you can use AccessControlManager
>> to set ACLs on nodes for authorization. I haven't tried mixing these
>> with an external JAAS LoginModule, but I think it would work.
>> Otherwise, configure that too.
>>
>> <Security appName="Jackrabbit">
>> <SecurityManager
>> class="org.apache.jackrabbit.core.DefaultSecurityManager"
>> workspaceName="security"></SecurityManager>
>>
>> <AccessManager
>> class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
>>
>>
>> <LoginModule
>> class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
>>
>> <param name="anonymousId" value="anonymous"/>
>> <param name="adminId" value="admin"/>
>> </LoginModule>
>> </Security>
>>
>> Regards,
>> Rory
>>
>> yanshaozhiGmail wrote:
>>
>>> HI:
>>>
>>> thanks very much for telling me so much , I have another question ,
>>> if I want to user the user manager in sling, Do I have to change the
>>> sling code (sling repository: repository.xml replace the
>>> SimpleAccessManager
>>> to DefultAccessManager and other interface.)
>>>
>>>
>>> 2009-01-08
>>>
>>>
>>> yanshaozhiGmail
>>>
>>>
>>> 发件人: Rory Douglas 发送时间: 2009-01-08 23:41:11 收件人:
>>> sling-dev 抄送: 主题: Re: Since sling is support ing for jackrabbit
>>> 1.5 why doesn't providehttp api for user manager?
>>> You need to do two things to get access to
>>> UserManager/PrincipalManager. First, you should remove the
>>> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
>>> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
>>> That will export the releveant JSR283 packages.
>>> Then you should be able to do the following (in a JSP or anywhere you
>>> have a Session):
>>> UserManager userManager = null;
>>> if(session instanceof PooledJackrabbitSession) {
>>> userManager = ((PooledJackrabbitSession)session).getUserManager();
>>> } else {
>>> // use reflection since Jackrabbit.core package not exported
>>> Method m = session.getClass().getMethod("getUserManager");
>>> userManager = (UserManager)m.invoke(session);
>>> }
>>> This same pattern works for PrincipalManager which is exposed on the
>>> JackrabbitSession. If you want the AccessControlManager (to set
>>> ACLs), you'll need to use the reflection approach only for now. You
>>> don't need to actually access the "security" workspace in order to
>>> create & manager users (although there's no good way to list all users
>>> right now, so accessing the workspace probably would give you that
>>> ability).
>>> I've created a utility class that wraps up all this messy code - I'll
>>> open an issue & submit the patch now.
>>> Regards,
>>> Rory
>>> yanshaozhiGmail wrote:
>>>
>>>
>>>> HI:
>>>>
>>>> As I know , now sling is support for jackrabbit 1.5 , it will
>>>> more powerfull if sling can provide api for user manager .
>>>>
>>>> And is there any way to implement user manage with sling
>>>> if I implement it myself ? how can I get ""security" workspace?
>>>>
>>>> It's seems that there isn't "security" workspace in sling's
>>>> jackrabbit repository.
>>>>
>>>>
>>>> 2009-01-08
>>>>
>>>>
>>>> yanjie
>>>>
>>>>
>
>
>
Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?
Posted by Juan José Vázquez Delgado <ju...@gmail.com>.
I think could be a good idea.
+1
Juanjo
On Thu, Jan 8, 2009 at 5:23 PM, Felix Meschberger <fm...@gmail.com>wrote:
> Hmm, I wonder, whether we should not change the default configuration of
> the jackrabbit-server bundle to use the below setup instead of our
> current Simple non-secured setup.
>
> WDYT ?
>
> Regards
> Felix
>
> Rory Douglas schrieb:
> > Yes, I think you'll need (at a minimum) to setup the SecurityManager.
> > If you setup the DefaultAccessManager, you can use AccessControlManager
> > to set ACLs on nodes for authorization. I haven't tried mixing these
> > with an external JAAS LoginModule, but I think it would work.
> > Otherwise, configure that too.
> >
> > <Security appName="Jackrabbit">
> > <SecurityManager
> > class="org.apache.jackrabbit.core.DefaultSecurityManager"
> > workspaceName="security"></SecurityManager>
> >
> > <AccessManager
> >
> class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
> >
> >
> > <LoginModule
> >
> class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
> >
> > <param name="anonymousId" value="anonymous"/>
> > <param name="adminId" value="admin"/>
> > </LoginModule>
> > </Security>
> >
> > Regards,
> > Rory
> >
> > yanshaozhiGmail wrote:
> >> HI:
> >>
> >> thanks very much for telling me so much , I have another question ,
> >> if I want to user the user manager in sling, Do I have to change the
> >> sling code (sling repository: repository.xml replace the
> >> SimpleAccessManager
> >> to DefultAccessManager and other interface.)
> >>
> >>
> >> 2009-01-08
> >>
> >>
> >> yanshaozhiGmail
> >>
> >>
> >> 发件人: Rory Douglas 发送时间: 2009-01-08 23:41:11 收件人:
> >> sling-dev 抄送: 主题: Re: Since sling is support ing for jackrabbit
> >> 1.5 why doesn't providehttp api for user manager?
> >> You need to do two things to get access to
> >> UserManager/PrincipalManager. First, you should remove the
> >> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
> >> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
> >> That will export the releveant JSR283 packages.
> >> Then you should be able to do the following (in a JSP or anywhere you
> >> have a Session):
> >> UserManager userManager = null;
> >> if(session instanceof PooledJackrabbitSession) {
> >> userManager = ((PooledJackrabbitSession)session).getUserManager();
> >> } else {
> >> // use reflection since Jackrabbit.core package not exported
> >> Method m = session.getClass().getMethod("getUserManager");
> >> userManager = (UserManager)m.invoke(session);
> >> }
> >> This same pattern works for PrincipalManager which is exposed on the
> >> JackrabbitSession. If you want the AccessControlManager (to set
> >> ACLs), you'll need to use the reflection approach only for now. You
> >> don't need to actually access the "security" workspace in order to
> >> create & manager users (although there's no good way to list all users
> >> right now, so accessing the workspace probably would give you that
> >> ability).
> >> I've created a utility class that wraps up all this messy code - I'll
> >> open an issue & submit the patch now.
> >> Regards,
> >> Rory
> >> yanshaozhiGmail wrote:
> >>
> >>> HI:
> >>>
> >>> As I know , now sling is support for jackrabbit 1.5 , it will
> >>> more powerfull if sling can provide api for user manager .
> >>>
> >>> And is there any way to implement user manage with sling
> >>> if I implement it myself ? how can I get ""security" workspace?
> >>>
> >>> It's seems that there isn't "security" workspace in sling's
> >>> jackrabbit repository.
> >>>
> >>>
> >>> 2009-01-08
> >>>
> >>>
> >>> yanjie
> >>>
> >
>
>
Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp
api for user manager?
Posted by Felix Meschberger <fm...@gmail.com>.
Hmm, I wonder, whether we should not change the default configuration of
the jackrabbit-server bundle to use the below setup instead of our
current Simple non-secured setup.
WDYT ?
Regards
Felix
Rory Douglas schrieb:
> Yes, I think you'll need (at a minimum) to setup the SecurityManager.
> If you setup the DefaultAccessManager, you can use AccessControlManager
> to set ACLs on nodes for authorization. I haven't tried mixing these
> with an external JAAS LoginModule, but I think it would work.
> Otherwise, configure that too.
>
> <Security appName="Jackrabbit">
> <SecurityManager
> class="org.apache.jackrabbit.core.DefaultSecurityManager"
> workspaceName="security"></SecurityManager>
>
> <AccessManager
> class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
>
>
> <LoginModule
> class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
>
> <param name="anonymousId" value="anonymous"/>
> <param name="adminId" value="admin"/>
> </LoginModule>
> </Security>
>
> Regards,
> Rory
>
> yanshaozhiGmail wrote:
>> HI:
>>
>> thanks very much for telling me so much , I have another question ,
>> if I want to user the user manager in sling, Do I have to change the
>> sling code (sling repository: repository.xml replace the
>> SimpleAccessManager
>> to DefultAccessManager and other interface.)
>>
>>
>> 2009-01-08
>>
>>
>> yanshaozhiGmail
>>
>>
>> 发件人: Rory Douglas 发送时间: 2009-01-08 23:41:11 收件人:
>> sling-dev 抄送: 主题: Re: Since sling is support ing for jackrabbit
>> 1.5 why doesn't providehttp api for user manager?
>> You need to do two things to get access to
>> UserManager/PrincipalManager. First, you should remove the
>> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
>> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
>> That will export the releveant JSR283 packages.
>> Then you should be able to do the following (in a JSP or anywhere you
>> have a Session):
>> UserManager userManager = null;
>> if(session instanceof PooledJackrabbitSession) {
>> userManager = ((PooledJackrabbitSession)session).getUserManager();
>> } else {
>> // use reflection since Jackrabbit.core package not exported
>> Method m = session.getClass().getMethod("getUserManager");
>> userManager = (UserManager)m.invoke(session);
>> }
>> This same pattern works for PrincipalManager which is exposed on the
>> JackrabbitSession. If you want the AccessControlManager (to set
>> ACLs), you'll need to use the reflection approach only for now. You
>> don't need to actually access the "security" workspace in order to
>> create & manager users (although there's no good way to list all users
>> right now, so accessing the workspace probably would give you that
>> ability).
>> I've created a utility class that wraps up all this messy code - I'll
>> open an issue & submit the patch now.
>> Regards,
>> Rory
>> yanshaozhiGmail wrote:
>>
>>> HI:
>>>
>>> As I know , now sling is support for jackrabbit 1.5 , it will
>>> more powerfull if sling can provide api for user manager .
>>>
>>> And is there any way to implement user manage with sling
>>> if I implement it myself ? how can I get ""security" workspace?
>>>
>>> It's seems that there isn't "security" workspace in sling's
>>> jackrabbit repository.
>>>
>>>
>>> 2009-01-08
>>>
>>>
>>> yanjie
>>>
>
Re: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttpapi for user manager?
Posted by Jason Pratt <jp...@gmail.com>.
i think that makes sense. as i am sure many folks will want to access this
ability, i was just wondering how to do this myself.
jason
On Thu, Jan 8, 2009 at 11:38 AM, yanshaozhiGmail <ya...@gmail.com>wrote:
> HI:
>
> It will be much easier for users if sling can change the source code .
>
> And in my opinion, it's nesessary to change it, since sling support
> jackrabbit 1.5.
>
>
> 2009-01-09
>
>
>
> yanshaozhiGmail
>
>
>
> 发件人: Felix Meschberger
> 发送时间: 2009-01-09 00:24:12
> 收件人: sling-dev
> 抄送:
> 主题: Re: Since sling is support ing for jackrabbit 1.5 why doesn't
> providehttpapi for user manager?
>
> Hmm, I wonder, whether we should not change the default configuration of
> the jackrabbit-server bundle to use the below setup instead of our
> current Simple non-secured setup.
> WDYT ?
> Regards
> Felix
> Rory Douglas schrieb:
> > Yes, I think you'll need (at a minimum) to setup the SecurityManager.
> > If you setup the DefaultAccessManager, you can use AccessControlManager
> > to set ACLs on nodes for authorization. I haven't tried mixing these
> > with an external JAAS LoginModule, but I think it would work.
> > Otherwise, configure that too.
> >
> > <Security appName="Jackrabbit">
> > <SecurityManager
> > class="org.apache.jackrabbit.core.DefaultSecurityManager"
> > workspaceName="security"></SecurityManager>
> >
> > <AccessManager
> >
> class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
> >
> >
> > <LoginModule
> >
> class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
> >
> > <param name="anonymousId" value="anonymous"/>
> > <param name="adminId" value="admin"/>
> > </LoginModule>
> > </Security>
> >
> > Regards,
> > Rory
> >
> > yanshaozhiGmail wrote:
> >> HI:
> >>
> >> thanks very much for telling me so much , I have another question ,
> >> if I want to user the user manager in sling, Do I have to change the
> >> sling code (sling repository: repository.xml replace the
> >> SimpleAccessManager
> >> to DefultAccessManager and other interface.)
> >>
> >>
> >> 2009-01-08
> >>
> >>
> >> yanshaozhiGmail
> >>
> >>
> >> 发件人: Rory Douglas 发送时间: 2009-01-08 23:41:11 收件人:
> >> sling-dev 抄送: 主题: Re: Since sling is support ing for jackrabbit
> >> 1.5 why doesn't providehttp api for user manager?
> >> You need to do two things to get access to
> >> UserManager/PrincipalManager. First, you should remove the
> >> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
> >> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
> >> That will export the releveant JSR283 packages.
> >> Then you should be able to do the following (in a JSP or anywhere you
> >> have a Session):
> >> UserManager userManager = null;
> >> if(session instanceof PooledJackrabbitSession) {
> >> userManager = ((PooledJackrabbitSession)session).getUserManager();
> >> } else {
> >> // use reflection since Jackrabbit.core package not exported
> >> Method m = session.getClass().getMethod("getUserManager");
> >> userManager = (UserManager)m.invoke(session);
> >> }
> >> This same pattern works for PrincipalManager which is exposed on the
> >> JackrabbitSession. If you want the AccessControlManager (to set
> >> ACLs), you'll need to use the reflection approach only for now. You
> >> don't need to actually access the "security" workspace in order to
> >> create & manager users (although there's no good way to list all users
> >> right now, so accessing the workspace probably would give you that
> >> ability).
> >> I've created a utility class that wraps up all this messy code - I'll
> >> open an issue & submit the patch now.
> >> Regards,
> >> Rory
> >> yanshaozhiGmail wrote:
> >>
> >>> HI:
> >>>
> >>> As I know , now sling is support for jackrabbit 1.5 , it will
> >>> more powerfull if sling can provide api for user manager .
> >>>
> >>> And is there any way to implement user manage with sling
> >>> if I implement it myself ? how can I get ""security" workspace?
> >>>
> >>> It's seems that there isn't "security" workspace in sling's
> >>> jackrabbit repository.
> >>>
> >>>
> >>> 2009-01-08
> >>>
> >>>
> >>> yanjie
> >>>
> >
>
Re: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttpapi for user manager?
Posted by yanshaozhiGmail <ya...@gmail.com>.
HI:
It will be much easier for users if sling can change the source code .
And in my opinion, it's nesessary to change it, since sling support jackrabbit 1.5.
2009-01-09
yanshaozhiGmail
发件人: Felix Meschberger
发送时间: 2009-01-09 00:24:12
收件人: sling-dev
抄送:
主题: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttpapi for user manager?
Hmm, I wonder, whether we should not change the default configuration of
the jackrabbit-server bundle to use the below setup instead of our
current Simple non-secured setup.
WDYT ?
Regards
Felix
Rory Douglas schrieb:
> Yes, I think you'll need (at a minimum) to setup the SecurityManager.
> If you setup the DefaultAccessManager, you can use AccessControlManager
> to set ACLs on nodes for authorization. I haven't tried mixing these
> with an external JAAS LoginModule, but I think it would work.
> Otherwise, configure that too.
>
> <Security appName="Jackrabbit">
> <SecurityManager
> class="org.apache.jackrabbit.core.DefaultSecurityManager"
> workspaceName="security"></SecurityManager>
>
> <AccessManager
> class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
>
>
> <LoginModule
> class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
>
> <param name="anonymousId" value="anonymous"/>
> <param name="adminId" value="admin"/>
> </LoginModule>
> </Security>
>
> Regards,
> Rory
>
> yanshaozhiGmail wrote:
>> HI:
>>
>> thanks very much for telling me so much , I have another question ,
>> if I want to user the user manager in sling, Do I have to change the
>> sling code (sling repository: repository.xml replace the
>> SimpleAccessManager
>> to DefultAccessManager and other interface.)
>>
>>
>> 2009-01-08
>>
>>
>> yanshaozhiGmail
>>
>>
>> 发件人: Rory Douglas 发送时间: 2009-01-08 23:41:11 收件人:
>> sling-dev 抄送: 主题: Re: Since sling is support ing for jackrabbit
>> 1.5 why doesn't providehttp api for user manager?
>> You need to do two things to get access to
>> UserManager/PrincipalManager. First, you should remove the
>> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
>> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
>> That will export the releveant JSR283 packages.
>> Then you should be able to do the following (in a JSP or anywhere you
>> have a Session):
>> UserManager userManager = null;
>> if(session instanceof PooledJackrabbitSession) {
>> userManager = ((PooledJackrabbitSession)session).getUserManager();
>> } else {
>> // use reflection since Jackrabbit.core package not exported
>> Method m = session.getClass().getMethod("getUserManager");
>> userManager = (UserManager)m.invoke(session);
>> }
>> This same pattern works for PrincipalManager which is exposed on the
>> JackrabbitSession. If you want the AccessControlManager (to set
>> ACLs), you'll need to use the reflection approach only for now. You
>> don't need to actually access the "security" workspace in order to
>> create & manager users (although there's no good way to list all users
>> right now, so accessing the workspace probably would give you that
>> ability).
>> I've created a utility class that wraps up all this messy code - I'll
>> open an issue & submit the patch now.
>> Regards,
>> Rory
>> yanshaozhiGmail wrote:
>>
>>> HI:
>>>
>>> As I know , now sling is support for jackrabbit 1.5 , it will
>>> more powerfull if sling can provide api for user manager .
>>>
>>> And is there any way to implement user manage with sling
>>> if I implement it myself ? how can I get ""security" workspace?
>>>
>>> It's seems that there isn't "security" workspace in sling's
>>> jackrabbit repository.
>>>
>>>
>>> 2009-01-08
>>>
>>>
>>> yanjie
>>>
>
Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp
api for user manager?
Posted by Rory Douglas <ro...@oracle.com>.
Yes, I think you'll need (at a minimum) to setup the SecurityManager.
If you setup the DefaultAccessManager, you can use AccessControlManager
to set ACLs on nodes for authorization. I haven't tried mixing these
with an external JAAS LoginModule, but I think it would work.
Otherwise, configure that too.
<Security appName="Jackrabbit">
<SecurityManager
class="org.apache.jackrabbit.core.DefaultSecurityManager"
workspaceName="security"></SecurityManager>
<AccessManager
class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
<LoginModule
class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
<param name="anonymousId" value="anonymous"/>
<param name="adminId" value="admin"/>
</LoginModule>
</Security>
Regards,
Rory
yanshaozhiGmail wrote:
> HI:
>
> thanks very much for telling me so much , I have another question ,
>
> if I want to user the user manager in sling, Do I have to change the
>
> sling code (sling repository: repository.xml replace the SimpleAccessManager
>
> to DefultAccessManager and other interface.)
>
>
> 2009-01-08
>
>
>
> yanshaozhiGmail
>
>
>
> 发件人: Rory Douglas
> 发送时间: 2009-01-08 23:41:11
> 收件人: sling-dev
> 抄送:
> 主题: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?
>
> You need to do two things to get access to
> UserManager/PrincipalManager. First, you should remove the
> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
> That will export the releveant JSR283 packages.
> Then you should be able to do the following (in a JSP or anywhere you
> have a Session):
> UserManager userManager = null;
> if(session instanceof PooledJackrabbitSession) {
> userManager = ((PooledJackrabbitSession)session).getUserManager();
> } else {
> // use reflection since Jackrabbit.core package not exported
> Method m = session.getClass().getMethod("getUserManager");
> userManager = (UserManager)m.invoke(session);
> }
> This same pattern works for PrincipalManager which is exposed on the
> JackrabbitSession. If you want the AccessControlManager (to set ACLs),
> you'll need to use the reflection approach only for now. You don't need
> to actually access the "security" workspace in order to create & manager
> users (although there's no good way to list all users right now, so
> accessing the workspace probably would give you that ability).
> I've created a utility class that wraps up all this messy code - I'll
> open an issue & submit the patch now.
> Regards,
> Rory
> yanshaozhiGmail wrote:
>
>> HI:
>>
>> As I know , now sling is support for jackrabbit 1.5 , it will
>>
>> more powerfull if sling can provide api for user manager .
>>
>> And is there any way to implement user manage with sling
>>
>> if I implement it myself ? how can I get ""security" workspace?
>>
>> It's seems that there isn't "security" workspace in sling's
>>
>> jackrabbit repository.
>>
>>
>> 2009-01-08
>>
>>
>>
>> yanjie
>>
>>
>>
--
Rory Douglas | Senior Principal Consultant
Fax: +1-201-604-6428 | Mobile: +1-917-498-5344
Oracle North America Consulting
ORACLE United States | | San Diego, CA
"Please consider your environmental responsibility before printing this
e-mail"
Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp
api for user manager?
Posted by Carsten Ziegeler <cz...@apache.org>.
Felix Meschberger wrote
>
> User Admin Implementation: I could imagine, that we would implement the
> OSGi Compendium User Admin Specification using the repository to do the
> actual authentication. Also Role and Group assignment could be done
> through the repository. This would allow us to implement the Sling
> Authenticator based on OSGi User Admin and thus provide the
> Authorization object in the request context. It would also allow the
> Apache Felix project to extend the Web Console to use the User Admin
> service to control access to the console.
>
> WDYT ?
>
Sounds like a great idea! +1
Carsten
--
Carsten Ziegeler
cziegeler@apache.org
Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp
api for user manager?
Posted by Felix Meschberger <fm...@gmail.com>.
Hi,
Torgeir Veimo schrieb:
>
> On 9 Jan 2009, at 03:00, Rory Douglas wrote:
>
>> Actually, if you need to, it's simple to access the "security"
>> workspace (if you have the admin credentials):
>
>
> [...]
>
> Having SlingRequest implement getRemoteUser(), getUserPrincipal() and
> isUserInRole() would help a lot.
This what is support today:
* getRemoteUser() returns the value of Session.getUserId() if
the request is authenticated.
* getUserPrincipal() returns a simple Principal instance
encapsulating the remote user instance.
* isUserInRole() returns the result of calling the
Authorization.hasRole() method with the role name, if the
authenticator provided the Auhtorization object.
There are ways to improve this:
* getUserPrincipal could try to call
JackrabbitSession.getPrincipalManager().getPrincipal()
for the remote user (and fall back to the simple Principal
if not possible
* isUserInRole is currently not really available since the
SlingAuthenticator does not provide Authorization object. By
implementing the OSGi User Admin Specification, we could modify
the SlingAuthenticator to use the User Admin service and therefore
provide the Authorization object.
User Admin Implementation: I could imagine, that we would implement the
OSGi Compendium User Admin Specification using the repository to do the
actual authentication. Also Role and Group assignment could be done
through the repository. This would allow us to implement the Sling
Authenticator based on OSGi User Admin and thus provide the
Authorization object in the request context. It would also allow the
Apache Felix project to extend the Web Console to use the User Admin
service to control access to the console.
WDYT ?
Regards
Felix
Re: Since sling is support ing for jackrabbit 1.5 why doesn't
providehttp api for user manager?
Posted by Torgeir Veimo <to...@pobox.com>.
On 9 Jan 2009, at 03:00, Rory Douglas wrote:
> Actually, if you need to, it's simple to access the "security"
> workspace (if you have the admin credentials):
[...]
Having SlingRequest implement getRemoteUser(), getUserPrincipal() and
isUserInRole() would help a lot.
--
Torgeir Veimo
torgeir@pobox.com
Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp
api for user manager?
Posted by Rory Douglas <ro...@oracle.com>.
Actually, if you need to, it's simple to access the "security" workspace
(if you have the admin credentials):
<%
Session jcrSession = currentNode.getSession();
SimpleCredentials creds = new
SimpleCredentials("admin","admin".toCharArray());
Session secSession = jcrSession.getRepository().login(creds,"security");
Query secQuery =
secSession.getWorkspace().getQueryManager().createQuery("//element(*,rep:User)","xpath");
QueryResult secResult = secQuery.execute();
%>
That should list all users configured in the repository (as a result of
UserManager.createUser() calls, and the admin/anonymous profiles).
yanshaozhiGmail wrote:
> HI:
>
> thanks very much for telling me so much , I have another question ,
>
> if I want to user the user manager in sling, Do I have to change the
>
> sling code (sling repository: repository.xml replace the SimpleAccessManager
>
> to DefultAccessManager and other interface.)
>
>
> 2009-01-08
>
>
>
> yanshaozhiGmail
>
>
>
> 发件人: Rory Douglas
> 发送时间: 2009-01-08 23:41:11
> 收件人: sling-dev
> 抄送:
> 主题: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?
>
> You need to do two things to get access to
> UserManager/PrincipalManager. First, you should remove the
> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
> That will export the releveant JSR283 packages.
> Then you should be able to do the following (in a JSP or anywhere you
> have a Session):
> UserManager userManager = null;
> if(session instanceof PooledJackrabbitSession) {
> userManager = ((PooledJackrabbitSession)session).getUserManager();
> } else {
> // use reflection since Jackrabbit.core package not exported
> Method m = session.getClass().getMethod("getUserManager");
> userManager = (UserManager)m.invoke(session);
> }
> This same pattern works for PrincipalManager which is exposed on the
> JackrabbitSession. If you want the AccessControlManager (to set ACLs),
> you'll need to use the reflection approach only for now. You don't need
> to actually access the "security" workspace in order to create & manager
> users (although there's no good way to list all users right now, so
> accessing the workspace probably would give you that ability).
> I've created a utility class that wraps up all this messy code - I'll
> open an issue & submit the patch now.
> Regards,
> Rory
> yanshaozhiGmail wrote:
>
>> HI:
>>
>> As I know , now sling is support for jackrabbit 1.5 , it will
>>
>> more powerfull if sling can provide api for user manager .
>>
>> And is there any way to implement user manage with sling
>>
>> if I implement it myself ? how can I get ""security" workspace?
>>
>> It's seems that there isn't "security" workspace in sling's
>>
>> jackrabbit repository.
>>
>>
>> 2009-01-08
>>
>>
>>
>> yanjie
>>
>>
>>
--
Rory Douglas | Senior Principal Consultant
Fax: +1-201-604-6428 | Mobile: +1-917-498-5344
Oracle North America Consulting
ORACLE United States | | San Diego, CA
"Please consider your environmental responsibility before printing this
e-mail"
Re: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?
Posted by Juan José Vázquez Delgado <ju...@gmail.com>.
You could use an external repository.xml config file and an optional
external root directory for your jackrabbit repository. It´s not necessary
you modify the sling code.
Have a look to [1].
BR,
Juanjo
[1] https://issues.apache.org/jira/browse/SLING-739
On Thu, Jan 8, 2009 at 4:54 PM, yanshaozhiGmail <ya...@gmail.com>wrote:
> HI:
>
> thanks very much for telling me so much , I have another question ,
>
> if I want to user the user manager in sling, Do I have to change the
>
> sling code (sling repository: repository.xml replace the
> SimpleAccessManager
>
> to DefultAccessManager and other interface.)
>
>
> 2009-01-08
>
>
>
> yanshaozhiGmail
>
>
>
> 发件人: Rory Douglas
> 发送时间: 2009-01-08 23:41:11
> 收件人: sling-dev
> 抄送:
> 主题: Re: Since sling is support ing for jackrabbit 1.5 why doesn't
> providehttp api for user manager?
>
> You need to do two things to get access to
> UserManager/PrincipalManager. First, you should remove the
> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
> That will export the releveant JSR283 packages.
> Then you should be able to do the following (in a JSP or anywhere you
> have a Session):
> UserManager userManager = null;
> if(session instanceof PooledJackrabbitSession) {
> userManager = ((PooledJackrabbitSession)session).getUserManager();
> } else {
> // use reflection since Jackrabbit.core package not exported
> Method m = session.getClass().getMethod("getUserManager");
> userManager = (UserManager)m.invoke(session);
> }
> This same pattern works for PrincipalManager which is exposed on the
> JackrabbitSession. If you want the AccessControlManager (to set ACLs),
> you'll need to use the reflection approach only for now. You don't need
> to actually access the "security" workspace in order to create & manager
> users (although there's no good way to list all users right now, so
> accessing the workspace probably would give you that ability).
> I've created a utility class that wraps up all this messy code - I'll
> open an issue & submit the patch now.
> Regards,
> Rory
> yanshaozhiGmail wrote:
> > HI:
> >
> > As I know , now sling is support for jackrabbit 1.5 , it will
> >
> > more powerfull if sling can provide api for user manager .
> >
> > And is there any way to implement user manage with sling
> >
> > if I implement it myself ? how can I get ""security" workspace?
> >
> > It's seems that there isn't "security" workspace in sling's
> >
> > jackrabbit repository.
> >
> >
> > 2009-01-08
> >
> >
> >
> > yanjie
> >
> >
>
Re: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttpapi for user manager?
Posted by yanshaozhiGmail <ya...@gmail.com>.
Hi:
I kown this ,I used to realize it with the method , and in order to realize it ,
I have to create a project only for runing a jackrabbit server with my needed repository.xml,
However I want to use sling's jackrabbit server ,and now sling's repository.xml is not support
user so well for user manage . As a result , I want to get a way ,use sling's jackrabbit
server and can realize user management .
2009-01-09
yanshaozhiGmail
发件人: Rory Douglas
发送时间: 2009-01-09 01:01:51
收件人: sling-dev
抄送:
主题: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttpapi for user manager?
Actually, if you need to, it's simple to access the "security" workspace
(if you have the admin credentials):
<%
Session jcrSession = currentNode.getSession();
SimpleCredentials creds = new
SimpleCredentials("admin","admin".toCharArray());
Session secSession = jcrSession.getRepository().login(creds,"security");
Query secQuery =
secSession.getWorkspace().getQueryManager().createQuery("//element(*,rep:User)","xpath");
QueryResult secResult = secQuery.execute();
%>
That should list all users configured in the repository (as a result of
UserManager.createUser() calls, and the admin/anonymous profiles).
yanshaozhiGmail wrote:
> HI:
>
> thanks very much for telling me so much , I have another question ,
>
> if I want to user the user manager in sling, Do I have to change the
>
> sling code (sling repository: repository.xml replace the SimpleAccessManager
>
> to DefultAccessManager and other interface.)
>
>
> 2009-01-08
>
>
>
> yanshaozhiGmail
>
>
>
> 发件人: Rory Douglas
> 发送时间: 2009-01-08 23:41:11
> 收件人: sling-dev
> 抄送:
> 主题: Re: Since sling is support ing for jackrabbit 1.5 why doesn't providehttp api for user manager?
>
> You need to do two things to get access to
> UserManager/PrincipalManager. First, you should remove the
> org.apache.sling.jcr.jackrabbit.api bundle. Then download the
> Jackrabbit 1.5 API bundle & install that instead (it's OSGI-ified).
> That will export the releveant JSR283 packages.
> Then you should be able to do the following (in a JSP or anywhere you
> have a Session):
> UserManager userManager = null;
> if(session instanceof PooledJackrabbitSession) {
> userManager = ((PooledJackrabbitSession)session).getUserManager();
> } else {
> // use reflection since Jackrabbit.core package not exported
> Method m = session.getClass().getMethod("getUserManager");
> userManager = (UserManager)m.invoke(session);
> }
> This same pattern works for PrincipalManager which is exposed on the
> JackrabbitSession. If you want the AccessControlManager (to set ACLs),
> you'll need to use the reflection approach only for now. You don't need
> to actually access the "security" workspace in order to create & manager
> users (although there's no good way to list all users right now, so
> accessing the workspace probably would give you that ability).
> I've created a utility class that wraps up all this messy code - I'll
> open an issue & submit the patch now.
> Regards,
> Rory
> yanshaozhiGmail wrote:
>
>> HI:
>>
>> As I know , now sling is support for jackrabbit 1.5 , it will
>>
>> more powerfull if sling can provide api for user manager .
>>
>> And is there any way to implement user manage with sling
>>
>> if I implement it myself ? how can I get ""security" workspace?
>>
>> It's seems that there isn't "security" workspace in sling's
>>
>> jackrabbit repository.
>>
>>
>> 2009-01-08
>>
>>
>>
>> yanjie
>>
>>
>>
--
Rory Douglas | Senior Principal Consultant
Fax: +1-201-604-6428 | Mobile: +1-917-498-5344
Oracle North America Consulting
ORACLE United States | | San Diego, CA
"Please consider your environmental responsibility before printing this
e-mail"