You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Alexander Klimetschek <ak...@day.com> on 2009/01/05 17:10:18 UTC
Re: limit user's permission to read only
AFAIK policy changes are only applied to new sessions, so if there are
existing sessions still open, the new read-only policy won't be
applied to them (I think the ACLs are cached in the sessions for
performance reasons). A restart automatically gives you fresh new
sessions.
Regards,
Alex
On Tue, Dec 30, 2008 at 8:35 PM, Cheng Zhang <zh...@yahoo.com> wrote:
> The problem is gone after I recreate the repository. Thank you, Todd.
>
> -Kevin
>
>
>
> ----- Original Message ----
> From: Todd Seiber <to...@gmail.com>
> To: users@jackrabbit.apache.org
> Sent: Monday, December 29, 2008 1:28:03 PM
> Subject: Re: limit user's permission to read only
>
> I have run this code against a newly initialized repositry and it is working
> for me. How are you testing? Is it possible that there are other permissions
> which are granting access?
>
> On Mon, Dec 29, 2008 at 2:10 PM, Cheng Zhang <zh...@yahoo.com>wrote:
>
>> Hi,
>>
>> I'm new to Jackrabbit. Can anybody share me a piece of code about how to
>> limit user's repository permission to read-only? My code below doesn't work.
>>
>> Repository repo =
>> RepositoryAccessServlet.getRepository(pageContext.getServletContext());
>> SessionImpl jcrsession = (SessionImpl) repo.login(new
>> SimpleCredentials("admin", "admin".toCharArray()));
>> UserManager userManager = jcrsession.getUserManager();
>> User user = (User) userManager.getAuthorizable("anonymous");
>> AccessControlManager accessControlManager =
>> jcrsession.getAccessControlManager();
>> String restrictedArea = "/";
>>
>> org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator
>> restrictedPolicies =
>> accessControlManager.getApplicablePolicies(restrictedArea);
>>
>> org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
>> restrictedPolicy =
>>
>> (org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList)
>> restrictedPolicies.nextAccessControlPolicy();
>> Privilege[] readonlyPrivileges = {
>>
>> accessControlManager.privilegeFromName(Privilege.JCR_READ),
>>
>> accessControlManager.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL),
>> };
>>
>> restrictedPolicy.addEntry(user.getPrincipal(),
>> readonlyPrivileges, true);
>> accessControlManager.setPolicy(restrictedArea,
>> restrictedPolicy);
>>
>> jcrsession.save();
>> jcrsession.logout();
>>
>>
>> Your kind help is appreciated greatly.
>>
>> Thanks a lot,
>> Kevin
>>
>
>
>
> --
> Todd Seiber
> 830 Fishing Creek Rd.
> New Cumberland, PA 17070
>
> h. 717-938-5778
> c. 717-497-1742
> e. todd.seiber@gmail.com
>
>
--
Alexander Klimetschek
alexander.klimetschek@day.com