You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Alexander Klimetschek <ak...@day.com> on 2009/01/05 17:10:18 UTC

Re: limit user's permission to read only

AFAIK policy changes are only applied to new sessions, so if there are
existing sessions still open, the new read-only policy won't be
applied to them (I think the ACLs are cached in the sessions for
performance reasons). A restart automatically gives you fresh new
sessions.

Regards,
Alex

On Tue, Dec 30, 2008 at 8:35 PM, Cheng Zhang <zh...@yahoo.com> wrote:
> The problem is gone after I recreate the repository. Thank you, Todd.
>
> -Kevin
>
>
>
> ----- Original Message ----
> From: Todd Seiber <to...@gmail.com>
> To: users@jackrabbit.apache.org
> Sent: Monday, December 29, 2008 1:28:03 PM
> Subject: Re: limit user's permission to read only
>
> I have run this code against a newly initialized repositry and it is working
> for me. How are you testing? Is it possible that there are other permissions
> which are granting access?
>
> On Mon, Dec 29, 2008 at 2:10 PM, Cheng Zhang <zh...@yahoo.com>wrote:
>
>> Hi,
>>
>> I'm new to Jackrabbit. Can anybody share me a piece of code about how to
>> limit user's repository permission to read-only? My code below doesn't work.
>>
>>            Repository repo =
>> RepositoryAccessServlet.getRepository(pageContext.getServletContext());
>>            SessionImpl jcrsession = (SessionImpl) repo.login(new
>> SimpleCredentials("admin", "admin".toCharArray()));
>>            UserManager userManager = jcrsession.getUserManager();
>>            User user = (User) userManager.getAuthorizable("anonymous");
>>            AccessControlManager accessControlManager =
>> jcrsession.getAccessControlManager();
>>            String restrictedArea = "/";
>>
>>  org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator
>> restrictedPolicies =
>>                accessControlManager.getApplicablePolicies(restrictedArea);
>>
>>  org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList
>> restrictedPolicy =
>>
>>  (org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList)
>> restrictedPolicies.nextAccessControlPolicy();
>>            Privilege[] readonlyPrivileges = {
>>
>>  accessControlManager.privilegeFromName(Privilege.JCR_READ),
>>
>>  accessControlManager.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL),
>>            };
>>
>>            restrictedPolicy.addEntry(user.getPrincipal(),
>> readonlyPrivileges, true);
>>            accessControlManager.setPolicy(restrictedArea,
>> restrictedPolicy);
>>
>>            jcrsession.save();
>>            jcrsession.logout();
>>
>>
>> Your kind help is appreciated greatly.
>>
>> Thanks a lot,
>> Kevin
>>
>
>
>
> --
> Todd Seiber
> 830 Fishing Creek Rd.
> New Cumberland, PA 17070
>
> h. 717-938-5778
> c. 717-497-1742
> e. todd.seiber@gmail.com
>
>



-- 
Alexander Klimetschek
alexander.klimetschek@day.com