You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Javier Arias <ja...@ujaen.es> on 2011/01/04 12:45:28 UTC
Doubt with username and password
Hi, I am new using JackRabbit. I have one problem, I need change the
username and password to access to the repository. At the moment, I can
access whit every password and user but, for my need, it is not
secure.
I have read the documentation and I have done the followings changes in
the file "repository.xml":
Afther that I restarted the server but it did not work.
<LoginModule
class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule">
<!--
anonymous user name ('anonymous' is the default value)
-->
<param name="anonymousId" value="user"/>
<!--
administrator user id (default value if param is missing
is 'admin')
-->
<param name="adminId" value="pass"/>
</LoginModule>
Can anyone help me?
Thanks a lot. Best regards.
Re: AW: New information about my last email...
Posted by Yusuf Aaji <yu...@gmail.com>.
I usually use something like:
Principal admin = new PricipalImpl("admin");
On Tue, Jan 25, 2011 at 12:02 PM, Javier Arias <ja...@ujaen.es> wrote:
> I have called session.getRootNode(). Now when I call:
> Principal p = (Principal) ((User) authorizable).getPrincipal();
> the program throws a NullPointerException.
>
> Does anybody know why?
>
> Thanks. Regards.
>
> El lun, 24-01-2011 a las 23:53 +0300, Yusuf Aaji escribió:
> > Javier,
> >
> > Use session.getRootNode() to apply the new policy on the whole
> repository.
> >
> > BR,
> > Yusuf
> >
> > On Mon, Jan 24, 2011 at 7:40 PM, Javier Arias <ja...@ujaen.es> wrote:
> >
> > > Hi, I am trying grant privileges to a user but I can not do it. The
> code
> > > I am using is the following.
> > >
> > > Can anybody help me?
> > >
> > >
> > >
> > > Repository repository = new TransientRepository(new File(_rep));
> > > Session session = repository.login(new
> > > SimpleCredentials("admin","admin");
> > >
> > > UserManager userManager = ((JackrabbitSession)
> > > session).getUserManager();
> > >
> > > AccessControlManager acm = session.getAccessControlManager();
> > >
> > > Node node = sessionAdmin.getRootNodeByIdentifier("admin");
> > >
> > >
> > > Authorizable authorizable = userManager.getAuthorizable(user);
> > > Principal p = (Principal) ((User) authorizable).getPrincipal();
> > >
> > > Privilege[] privileges = null;
> > > AccessControlPolicyIterator it = (AccessControlPolicyIterator)
> > > acm.getApplicablePolicies(node.getPath());
> > > if (it.hasNext())
> > > {
> > > AccessControlPolicy policy = it.nextAccessControlPolicy();
> > > if (policy instanceof AccessControlList)
> > > {
> > > privileges[0] =
> acm.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES);
> > > privileges[1] = acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES);
> > > privileges[2] = acm.privilegeFromName(Privilege.JCR_REMOVE_NODE);
> > > privileges[3] =
> > > acm.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
> > > privileges[4] =
> > > acm.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT);
> > >
> > >
> > > ((AccessControlList)policy).addAccessControlEntry(p,privileges);
> > > acm.setPolicy(node.getPath(), policy);
> > > }
> > > }
> > > session.save();
> > > session.logout();
> > >
> > >
> > > Another problem is, in class AccessControlPolicy I must call
> > > AccessControlPolicy.getApplicablePolicies() and setPolicy() passing as
> > > parameter a node. I do not know how I should get this nodo.
> > > Session.getRootNode()?
> > > session.getNode("user")?
> > > session.getNodeByIdentifier("user")?
> > >
> > > If I call getNode("user") or getNodeByIdentifier("user") the program
> > > throws a Repository exception.
> > >
> > > Thank you in advance. Regards.
> > >
> > > El sáb, 22-01-2011 a las 18:44 +0100, Seidel. Robert escribió:
> > > > Hi Javier,
> > > >
> > > > The jsr specification helped me a lot:
> > > http://jcp.org/aboutJava/communityprocess/final/jsr283/index.html
> > > >
> > > > See page 225 and following.
> > > >
> > > > Regards, Robert
> > > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: Angela Schreiber [mailto:anchela@adobe.com]
> > > > Gesendet: Freitag, 21. Januar 2011 15:10
> > > > An: users@jackrabbit.apache.org
> > > > Betreff: Re: New information about my last email...
> > > >
> > > > hi javier
> > > >
> > > > > About grant privileges an user, I am some lost. I understood first
> step
> > > > > and second step but I do not know how follow. How can I get
> > > > > AccessControlList? How grant privileges with User.getPrincipal?
> > > >
> > > > did you take a look a the JCR API related to access control?
> > > > starting from Session.getAccessControlManager() you should find your
> > > > way through, i guess.
> > > >
> > > > angela
> > >
> > >
> > >
> > >
> > >
>
>
>
>
Re: AW: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
I have called session.getRootNode(). Now when I call:
Principal p = (Principal) ((User) authorizable).getPrincipal();
the program throws a NullPointerException.
Does anybody know why?
Thanks. Regards.
El lun, 24-01-2011 a las 23:53 +0300, Yusuf Aaji escribió:
> Javier,
>
> Use session.getRootNode() to apply the new policy on the whole repository.
>
> BR,
> Yusuf
>
> On Mon, Jan 24, 2011 at 7:40 PM, Javier Arias <ja...@ujaen.es> wrote:
>
> > Hi, I am trying grant privileges to a user but I can not do it. The code
> > I am using is the following.
> >
> > Can anybody help me?
> >
> >
> >
> > Repository repository = new TransientRepository(new File(_rep));
> > Session session = repository.login(new
> > SimpleCredentials("admin","admin");
> >
> > UserManager userManager = ((JackrabbitSession)
> > session).getUserManager();
> >
> > AccessControlManager acm = session.getAccessControlManager();
> >
> > Node node = sessionAdmin.getRootNodeByIdentifier("admin");
> >
> >
> > Authorizable authorizable = userManager.getAuthorizable(user);
> > Principal p = (Principal) ((User) authorizable).getPrincipal();
> >
> > Privilege[] privileges = null;
> > AccessControlPolicyIterator it = (AccessControlPolicyIterator)
> > acm.getApplicablePolicies(node.getPath());
> > if (it.hasNext())
> > {
> > AccessControlPolicy policy = it.nextAccessControlPolicy();
> > if (policy instanceof AccessControlList)
> > {
> > privileges[0] = acm.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES);
> > privileges[1] = acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES);
> > privileges[2] = acm.privilegeFromName(Privilege.JCR_REMOVE_NODE);
> > privileges[3] =
> > acm.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
> > privileges[4] =
> > acm.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT);
> >
> >
> > ((AccessControlList)policy).addAccessControlEntry(p,privileges);
> > acm.setPolicy(node.getPath(), policy);
> > }
> > }
> > session.save();
> > session.logout();
> >
> >
> > Another problem is, in class AccessControlPolicy I must call
> > AccessControlPolicy.getApplicablePolicies() and setPolicy() passing as
> > parameter a node. I do not know how I should get this nodo.
> > Session.getRootNode()?
> > session.getNode("user")?
> > session.getNodeByIdentifier("user")?
> >
> > If I call getNode("user") or getNodeByIdentifier("user") the program
> > throws a Repository exception.
> >
> > Thank you in advance. Regards.
> >
> > El sáb, 22-01-2011 a las 18:44 +0100, Seidel. Robert escribió:
> > > Hi Javier,
> > >
> > > The jsr specification helped me a lot:
> > http://jcp.org/aboutJava/communityprocess/final/jsr283/index.html
> > >
> > > See page 225 and following.
> > >
> > > Regards, Robert
> > >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Angela Schreiber [mailto:anchela@adobe.com]
> > > Gesendet: Freitag, 21. Januar 2011 15:10
> > > An: users@jackrabbit.apache.org
> > > Betreff: Re: New information about my last email...
> > >
> > > hi javier
> > >
> > > > About grant privileges an user, I am some lost. I understood first step
> > > > and second step but I do not know how follow. How can I get
> > > > AccessControlList? How grant privileges with User.getPrincipal?
> > >
> > > did you take a look a the JCR API related to access control?
> > > starting from Session.getAccessControlManager() you should find your
> > > way through, i guess.
> > >
> > > angela
> >
> >
> >
> >
> >
Re: AW: New information about my last email...
Posted by Yusuf Aaji <yu...@gmail.com>.
Javier,
Use session.getRootNode() to apply the new policy on the whole repository.
BR,
Yusuf
On Mon, Jan 24, 2011 at 7:40 PM, Javier Arias <ja...@ujaen.es> wrote:
> Hi, I am trying grant privileges to a user but I can not do it. The code
> I am using is the following.
>
> Can anybody help me?
>
>
>
> Repository repository = new TransientRepository(new File(_rep));
> Session session = repository.login(new
> SimpleCredentials("admin","admin");
>
> UserManager userManager = ((JackrabbitSession)
> session).getUserManager();
>
> AccessControlManager acm = session.getAccessControlManager();
>
> Node node = sessionAdmin.getRootNodeByIdentifier("admin");
>
>
> Authorizable authorizable = userManager.getAuthorizable(user);
> Principal p = (Principal) ((User) authorizable).getPrincipal();
>
> Privilege[] privileges = null;
> AccessControlPolicyIterator it = (AccessControlPolicyIterator)
> acm.getApplicablePolicies(node.getPath());
> if (it.hasNext())
> {
> AccessControlPolicy policy = it.nextAccessControlPolicy();
> if (policy instanceof AccessControlList)
> {
> privileges[0] = acm.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES);
> privileges[1] = acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES);
> privileges[2] = acm.privilegeFromName(Privilege.JCR_REMOVE_NODE);
> privileges[3] =
> acm.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
> privileges[4] =
> acm.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT);
>
>
> ((AccessControlList)policy).addAccessControlEntry(p,privileges);
> acm.setPolicy(node.getPath(), policy);
> }
> }
> session.save();
> session.logout();
>
>
> Another problem is, in class AccessControlPolicy I must call
> AccessControlPolicy.getApplicablePolicies() and setPolicy() passing as
> parameter a node. I do not know how I should get this nodo.
> Session.getRootNode()?
> session.getNode("user")?
> session.getNodeByIdentifier("user")?
>
> If I call getNode("user") or getNodeByIdentifier("user") the program
> throws a Repository exception.
>
> Thank you in advance. Regards.
>
> El sáb, 22-01-2011 a las 18:44 +0100, Seidel. Robert escribió:
> > Hi Javier,
> >
> > The jsr specification helped me a lot:
> http://jcp.org/aboutJava/communityprocess/final/jsr283/index.html
> >
> > See page 225 and following.
> >
> > Regards, Robert
> >
> > -----Ursprüngliche Nachricht-----
> > Von: Angela Schreiber [mailto:anchela@adobe.com]
> > Gesendet: Freitag, 21. Januar 2011 15:10
> > An: users@jackrabbit.apache.org
> > Betreff: Re: New information about my last email...
> >
> > hi javier
> >
> > > About grant privileges an user, I am some lost. I understood first step
> > > and second step but I do not know how follow. How can I get
> > > AccessControlList? How grant privileges with User.getPrincipal?
> >
> > did you take a look a the JCR API related to access control?
> > starting from Session.getAccessControlManager() you should find your
> > way through, i guess.
> >
> > angela
>
>
>
>
>
AW: AW: AW: AW: New information about my last email...
Posted by "Seidel. Robert" <Ro...@aeb.de>.
Hi Javier,
each AccessControlEntry has a user (or principal), you can getPrincipal() to retrieve it. The two privileges are the default privileges for the root node.
jcr:all - administrators
jcr:read - everyone
Your code failed with the new user, because the new user does not have the privilege jcr:readAccessControl for the root node - so you got a denied exception.
To set a privilege, you have to call something like this - but you need the necessary privileges to do so - so the best way would be to use an admin connection:
private void setPrivilegesWithoutCommit(JcrConnection connection,
Authorizable auth, Node node, String[] privilegeNames)
throws RepositoryException {
if (privilegeNames.length < 1) {
throw new IllegalArgumentException(
"The privilege names must not be empty.");
}
// determine privileges array
AccessControlManager acm = connection.getSession().getAccessControlManager();
List<Privilege> privList = new ArrayList<Privilege>();
for (int i = 0; i < privilegeNames.length; ++i) {
Privilege p = acm.privilegeFromName(privilegeNames[i]);
privList.add(p);
}
Privilege[] privs = privList.toArray(new Privilege[privList.size()]);
// set privileges
AccessControlList acl = getAccessList(connection, node.getPath());
acl.addAccessControlEntry(auth.getPrincipal(), privs);
acm.setPolicy(node.getPath(), acl);
}
Regards, Robert
-----Ursprüngliche Nachricht-----
Von: Javier Arias [mailto:jarias@ujaen.es]
Gesendet: Montag, 31. Januar 2011 13:31
An: users@jackrabbit.apache.org
Betreff: Re: AW: AW: AW: New information about my last email...
Hi Robert, I have called it and I got the AccessControlList. Afther that
I have executed the following code:
AccessControlList acl = WebDAVServer.getAccessList();
AccessControlEntry[] ace = acl.getAccessControlEntries();
System.out.println("AccesControlEntry - Length: " + ace.length);
Privilege[] p0 = ace[0].getPrivileges();
Privilege[] p1 = ace[1].getPrivileges();
System.out.println("Privilege1: " + p0[0].getName());
System.out.println("Privilege2: " + p1[0].getName());
and I have got the following results:
AccesControlEntry - Length: 2
Privilege1: jcr:all
Privilege2: jcr:read
To run this example, I used the admin user. If I use a new created user,
get the follow exception:
javax.jcr.AccessDeniedException: Access denied at / at
org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:475) at org.apache.jackrabbit.core.security.DefaultAccessManager.getApplicablePolicies(DefaultAccessManager.java:326)
Should I login in as admin and change something in the instruction:
AccessControlPolicyIterator it =
acMngr.getApplicablePolicies(connection.getRootNode().getPath()); ?
Thank you for answering this endless thread.
Regards.
El vie, 28-01-2011 a las 13:22 +0100, Seidel. Robert escribió:
> Hi Javier,
>
> here is some code snippet:
>
> /**
> * returns the access control list for the node path
> * @param connection the connection to the jackrabbit repository
> * @param path the node path
> * @return access control list (applicable or set)
> * @throws AccessDeniedException
> * @throws RepositoryException
> */
> private AccessControlList getAccessList(JcrConnection connection, String path) throws AccessDeniedException, RepositoryException {
> AccessControlManager acMngr = connection.getSession().getAccessControlManager();
> AccessControlPolicyIterator it = acMngr.getApplicablePolicies(path);
> while(it.hasNext()) {
> AccessControlPolicy acp = it.nextAccessControlPolicy();
> if (acp instanceof AccessControlList) {
> return (AccessControlList) acp;
> }
> }
> AccessControlPolicy[] acps = acMngr.getPolicies(path);
> for (AccessControlPolicy accessControlPolicy : acps) {
> if (accessControlPolicy instanceof AccessControlList) {
> return (AccessControlList) accessControlPolicy;
> }
> }
> throw new RepositoryException("No AccessControlList at " + path);
> }
>
> Regards, Robert
>
Re: AW: AW: AW: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
Hi Robert, I have called it and I got the AccessControlList. Afther that
I have executed the following code:
AccessControlList acl = WebDAVServer.getAccessList();
AccessControlEntry[] ace = acl.getAccessControlEntries();
System.out.println("AccesControlEntry - Length: " + ace.length);
Privilege[] p0 = ace[0].getPrivileges();
Privilege[] p1 = ace[1].getPrivileges();
System.out.println("Privilege1: " + p0[0].getName());
System.out.println("Privilege2: " + p1[0].getName());
and I have got the following results:
AccesControlEntry - Length: 2
Privilege1: jcr:all
Privilege2: jcr:read
To run this example, I used the admin user. If I use a new created user,
get the follow exception:
javax.jcr.AccessDeniedException: Access denied at / at
org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:475) at org.apache.jackrabbit.core.security.DefaultAccessManager.getApplicablePolicies(DefaultAccessManager.java:326)
Should I login in as admin and change something in the instruction:
AccessControlPolicyIterator it =
acMngr.getApplicablePolicies(connection.getRootNode().getPath()); ?
Thank you for answering this endless thread.
Regards.
El vie, 28-01-2011 a las 13:22 +0100, Seidel. Robert escribió:
> Hi Javier,
>
> here is some code snippet:
>
> /**
> * returns the access control list for the node path
> * @param connection the connection to the jackrabbit repository
> * @param path the node path
> * @return access control list (applicable or set)
> * @throws AccessDeniedException
> * @throws RepositoryException
> */
> private AccessControlList getAccessList(JcrConnection connection, String path) throws AccessDeniedException, RepositoryException {
> AccessControlManager acMngr = connection.getSession().getAccessControlManager();
> AccessControlPolicyIterator it = acMngr.getApplicablePolicies(path);
> while(it.hasNext()) {
> AccessControlPolicy acp = it.nextAccessControlPolicy();
> if (acp instanceof AccessControlList) {
> return (AccessControlList) acp;
> }
> }
> AccessControlPolicy[] acps = acMngr.getPolicies(path);
> for (AccessControlPolicy accessControlPolicy : acps) {
> if (accessControlPolicy instanceof AccessControlList) {
> return (AccessControlList) accessControlPolicy;
> }
> }
> throw new RepositoryException("No AccessControlList at " + path);
> }
>
> Regards, Robert
>
AW: AW: AW: New information about my last email...
Posted by "Seidel. Robert" <Ro...@aeb.de>.
Hi Javier,
here is some code snippet:
/**
* returns the access control list for the node path
* @param connection the connection to the jackrabbit repository
* @param path the node path
* @return access control list (applicable or set)
* @throws AccessDeniedException
* @throws RepositoryException
*/
private AccessControlList getAccessList(JcrConnection connection, String path) throws AccessDeniedException, RepositoryException {
AccessControlManager acMngr = connection.getSession().getAccessControlManager();
AccessControlPolicyIterator it = acMngr.getApplicablePolicies(path);
while(it.hasNext()) {
AccessControlPolicy acp = it.nextAccessControlPolicy();
if (acp instanceof AccessControlList) {
return (AccessControlList) acp;
}
}
AccessControlPolicy[] acps = acMngr.getPolicies(path);
for (AccessControlPolicy accessControlPolicy : acps) {
if (accessControlPolicy instanceof AccessControlList) {
return (AccessControlList) accessControlPolicy;
}
}
throw new RepositoryException("No AccessControlList at " + path);
}
Regards, Robert
-----Ursprüngliche Nachricht-----
Von: Javier Arias [mailto:jarias@ujaen.es]
Gesendet: Freitag, 28. Januar 2011 13:05
An: users@jackrabbit.apache.org
Betreff: Re: AW: AW: New information about my last email...
Hi everyone, I have called getPolicies function. It returns
AccessControlPolicy[]. I have called AccessControlPolicy[].length and it
returns 1 but I do not know how manage the class AccesControlPolicy
becusethis object does not have different methods distinct inherited
methods form Object.
Grant privileges to an user is being a very difficult task!
Can someone give me an implementation example to grant privileges to an
user? This code could help me a lot.
Thanks. Regards.
Re: AW: AW: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
Hi everyone, I have called getPolicies function. It returns
AccessControlPolicy[]. I have called AccessControlPolicy[].length and it
returns 1 but I do not know how manage the class AccesControlPolicy
becusethis object does not have different methods distinct inherited
methods form Object.
Grant privileges to an user is being a very difficult task!
Can someone give me an implementation example to grant privileges to an
user? This code could help me a lot.
Thanks. Regards.
AW: AW: New information about my last email...
Posted by "Seidel. Robert" <Ro...@aeb.de>.
Hi javier,
if a policy is already set to a node, getApplicablePolicies is empty. You have to use getPolicies instead.
I don't like it...
Regards, Robert ;)
-----Ursprüngliche Nachricht-----
Von: Angela Schreiber [mailto:anchela@adobe.com]
Gesendet: Mittwoch, 26. Januar 2011 11:36
An: users@jackrabbit.apache.org
Betreff: Re: AW: New information about my last email...
hi javier
> the problem is when I call:
> AccessControlPolicyIterator it = (AccessControlPolicyIterator)
> acm.getApplicablePolicies(node.getPath());
>
> if (it.hasNext())
> ....
>
> the function it.hasNext() returns always false. I do not understand
> why.
> Do you know what is happening?
i can only guess...
a) there is no additional policy to be applied because you already
set all applicable policies before.
in this case AccessControlManager#getPolicies would expose the
policies set before. if any of them is the ACL you are looking for
you can modify it and reapply it by calling acmgr#setPolicy() and
a subsequest session.save.
b) there are no applicable policies at all... in this case the
AccessControlProvider of your workspace was configured to something
else than you are expecting it to be...
in this case i would take a look at the workspace security
configuration or - in debug mode - what the nature of your
access control provider was.
c) everything is configured properly but the node you are looking
at doesn't allow to be access controlled for whatever reasons
(although that should rather result in an exception)...
since i assume that you are using some default jackrabbit setup
and based on the code you sent my first guess would be: a)
regards
angela
Re: AW: New information about my last email...
Posted by Angela Schreiber <an...@adobe.com>.
hi javier
> the problem is when I call:
> AccessControlPolicyIterator it = (AccessControlPolicyIterator)
> acm.getApplicablePolicies(node.getPath());
>
> if (it.hasNext())
> ....
>
> the function it.hasNext() returns always false. I do not understand
> why.
> Do you know what is happening?
i can only guess...
a) there is no additional policy to be applied because you already
set all applicable policies before.
in this case AccessControlManager#getPolicies would expose the
policies set before. if any of them is the ACL you are looking for
you can modify it and reapply it by calling acmgr#setPolicy() and
a subsequest session.save.
b) there are no applicable policies at all... in this case the
AccessControlProvider of your workspace was configured to something
else than you are expecting it to be...
in this case i would take a look at the workspace security
configuration or - in debug mode - what the nature of your
access control provider was.
c) everything is configured properly but the node you are looking
at doesn't allow to be access controlled for whatever reasons
(although that should rather result in an exception)...
since i assume that you are using some default jackrabbit setup
and based on the code you sent my first guess would be: a)
regards
angela
Re: AW: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
Hi Angela,
My goal is create a new user and grant him some privileges. As you
suggested me the privileges will be:
jcr:modifyProperties
jcr:addChildNodes
jcr:removeNodes
jcr:removeChildNode
jcr:nodetypeManagement
The code that I am executing is the following:
************************
Repository repository = new TransientRepository(new File(_repository));
Session session = repository.login(new SimpleCredentials("user","pass");
UserManager userManager = ((JackrabbitSession)session).getUserManager();
Authorizable authorizable =
userManager.getAuthorizable(user);
Principal p = (Principal) authorizable.getPrincipal();
AccessControlManager acm = session.getAccessControlManager();
Node node = session.getRootNode();
AccessControlPolicyIterator it = (AccessControlPolicyIterator)
acm.getApplicablePolicies(node.getPath());
if (it.hasNext())
{
AccessControlPolicy policy = it.nextAccessControlPolicy();
if (policy instanceof AccessControlList)
{
privileges[0] = acm.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES);
privileges[1] = acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES);
privileges[2] = acm.privilegeFromName(Privilege.JCR_REMOVE_NODE);
privileges[3] =
acm.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
privileges[4] =
acm.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT);
((AccessControlList)policy).addAccessControlEntry(p,privileges);
acm.setPolicy(node.getPath(), policy);
}
session.save();
session.logout();
************************
the problem is when I call:
AccessControlPolicyIterator it = (AccessControlPolicyIterator)
acm.getApplicablePolicies(node.getPath());
if (it.hasNext())
....
the function it.hasNext() returns always false. I do not understand
why.
Do you know what is happening?
I am spending a lot of time in create an user and grant privileges.
Thank you. Regards.
Re: AW: New information about my last email...
Posted by Angela Schreiber <an...@adobe.com>.
hi javier
> Another problem is, in class AccessControlPolicy I must call
> AccessControlPolicy.getApplicablePolicies() and setPolicy() passing as
> parameter a node. I do not know how I should get this nodo.
the question is, which jcr node do you want to edited the access
control policies for. the path of this node you pass into the
getApplicablePolicies or getPolicies method.
once you are done with your changes and you want to reapply the
policy in order to have take effect, you use the same path again
to call setPolicy.
if you are uncertain which jcr node your policy is "attached" and
in the case your policy is an instance of JackrabbitAccessControlPolicy
you can call JackrabbitAccessControlPolicy#getPath.
> If I call getNode("user") or getNodeByIdentifier("user") the program
> throws a Repository exception.
sorry. can't follow you here... why do you need the user node in order
to set a policy? and why do you think that any of the method calls
should do something useful? Session.getNode() takes an absolute path
as argument and getNodeByIdentifier() takes the node identifier such
as obtained by calling Node.getIdentifier().
hope that helps
angela
Re: AW: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
Hi, I am trying grant privileges to a user but I can not do it. The code
I am using is the following.
Can anybody help me?
Repository repository = new TransientRepository(new File(_rep));
Session session = repository.login(new
SimpleCredentials("admin","admin");
UserManager userManager = ((JackrabbitSession)
session).getUserManager();
AccessControlManager acm = session.getAccessControlManager();
Node node = sessionAdmin.getRootNodeByIdentifier("admin");
Authorizable authorizable = userManager.getAuthorizable(user);
Principal p = (Principal) ((User) authorizable).getPrincipal();
Privilege[] privileges = null;
AccessControlPolicyIterator it = (AccessControlPolicyIterator)
acm.getApplicablePolicies(node.getPath());
if (it.hasNext())
{
AccessControlPolicy policy = it.nextAccessControlPolicy();
if (policy instanceof AccessControlList)
{
privileges[0] = acm.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES);
privileges[1] = acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES);
privileges[2] = acm.privilegeFromName(Privilege.JCR_REMOVE_NODE);
privileges[3] =
acm.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
privileges[4] =
acm.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT);
((AccessControlList)policy).addAccessControlEntry(p,privileges);
acm.setPolicy(node.getPath(), policy);
}
}
session.save();
session.logout();
Another problem is, in class AccessControlPolicy I must call
AccessControlPolicy.getApplicablePolicies() and setPolicy() passing as
parameter a node. I do not know how I should get this nodo.
Session.getRootNode()?
session.getNode("user")?
session.getNodeByIdentifier("user")?
If I call getNode("user") or getNodeByIdentifier("user") the program
throws a Repository exception.
Thank you in advance. Regards.
El sáb, 22-01-2011 a las 18:44 +0100, Seidel. Robert escribió:
> Hi Javier,
>
> The jsr specification helped me a lot: http://jcp.org/aboutJava/communityprocess/final/jsr283/index.html
>
> See page 225 and following.
>
> Regards, Robert
>
> -----Ursprüngliche Nachricht-----
> Von: Angela Schreiber [mailto:anchela@adobe.com]
> Gesendet: Freitag, 21. Januar 2011 15:10
> An: users@jackrabbit.apache.org
> Betreff: Re: New information about my last email...
>
> hi javier
>
> > About grant privileges an user, I am some lost. I understood first step
> > and second step but I do not know how follow. How can I get
> > AccessControlList? How grant privileges with User.getPrincipal?
>
> did you take a look a the JCR API related to access control?
> starting from Session.getAccessControlManager() you should find your
> way through, i guess.
>
> angela
AW: New information about my last email...
Posted by "Seidel. Robert" <Ro...@aeb.de>.
Hi Javier,
The jsr specification helped me a lot: http://jcp.org/aboutJava/communityprocess/final/jsr283/index.html
See page 225 and following.
Regards, Robert
-----Ursprüngliche Nachricht-----
Von: Angela Schreiber [mailto:anchela@adobe.com]
Gesendet: Freitag, 21. Januar 2011 15:10
An: users@jackrabbit.apache.org
Betreff: Re: New information about my last email...
hi javier
> About grant privileges an user, I am some lost. I understood first step
> and second step but I do not know how follow. How can I get
> AccessControlList? How grant privileges with User.getPrincipal?
did you take a look a the JCR API related to access control?
starting from Session.getAccessControlManager() you should find your
way through, i guess.
angela
Re: New information about my last email...
Posted by Angela Schreiber <an...@adobe.com>.
hi javier
> About grant privileges an user, I am some lost. I understood first step
> and second step but I do not know how follow. How can I get
> AccessControlList? How grant privileges with User.getPrincipal?
did you take a look a the JCR API related to access control?
starting from Session.getAccessControlManager() you should find your
way through, i guess.
angela
Re: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
About the last send, the disabled function works now, I forgot call
save() and logout() methods (I believed these function were called
automatically). Sorry.
About grant privileges an user, I am some lost. I understood first step
and second step but I do not know how follow. How can I get
AccessControlList? How grant privileges with User.getPrincipal?
I give the code that I have at the moment:
Repository repository = new TransientRepository(new File(_repository));
Session session = repository.login(new
SimpleCredentials("user","pass".toCharArray()));
UserManager userManager = ((JackrabbitSession)
session).getUserManager();
AccessControlManager controlManager = ((JackrabbitSession)
session).getAccessControlManager();
Authorizable authorizable = userManager.getAuthorizable("user");
Principal principal = (Principal) ((User) authorizable).getPrincipal();
---
Thank you. Regards
El mié, 19-01-2011 a las 11:16 +0100, Angela Schreiber escribió:
> hi javier
>
> On 1/19/11 11:00 AM, Javier Arias wrote:
> > Hi Angela, my problem was solved. The problem was: supose I have
> > "jackrabbit-standalone" in the
> > folder: /home/user/server/jackrabbit-standalone.jar when you start
> > jackrabbit-standalone it creates a folder "jackrabbit". I was creating a
> > TransientRepository with url /home/user/server/ and not
> > with /home/user/server/jackrabbit taht is the correct. Now it works
> > perfectly.
> >
> > Besides , I have a new task. I want to allow only two users for my
> > webdav server. One user will be admin. I have changed his password and I
> > will use it only for management tasks. I have created another user to
> > access to the repository to add and remove files, but with him, I can
> > not upload resources to server. How I give him privileges to do it?
>
> use the jcr access control management to grant this editing user
> the permissions to manipulate a node (and it's child nodes)... this most
> probably includes the following privileges:
>
> jcr:modifyProperties
> jcr:addChildNodes
> jcr:removeNodes
> jcr:removeChildNode
> and eventually jcr:nodetypeManagement
>
> the first 4 privileges are aggregated in jcr:write, while rep:write
> also includes the latter privilege.
>
> something like:
>
> 1. access the ac manager by means of session.getAccessControlManager()
> 2. retrieve the applicable policies at your target node or -
> alternatively - the policies already set to have them modified.
> 3. in jr the policies are normally accesscontrollist(s) -> modify
> the acl by granting the privileges for your users principal
> (User.getPrincipal)
> 4. reapply the modified policy (AcMgr.setPolicy)
> 5. save the changes in order to have them take effect
>
> JSR283 and the API javadoc may give you some additional information
> about how it works. jackrabbit in addition defines some extensions
> to the JCR api.
>
> > Another problem is with anonymous user. I have removed this user but
> > when I start the server, it is created again. I have tried too change
> > the anonymous password but it does not work, the password is always the
> > same. It is a problem because everyone can access with
> > "anonymous/anonymous".
>
> the system users admin and anonymous are always recreated in the default
> setup. but you may "disable" the anonymous user. this will prevent any
> login as this user... see
>
> org.apache.jackrabbit.api.security.user.User#disable(String)
>
> hope that helps
> angela
> > Thank you. Best regards.
> >
> >
> >
Re: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
Hi, I have tried to disabled anonymous user with version 2.2.1 of
jackrabbit because I have seen that this version provide disbled()
action. But it does not work well, when I call the funcion, the program
never finish.
I have written the code I am using. I do not know if the problem is with
my code or with this version server.
Repository repository = new TransientRepository(new File(_repository));
Session session = repository.login(new
SimpleCredentials("admin","admin".toCharArray()));
UserManager userManager = ((JackrabbitSession)
session).getUserManager();
Authorizable authorizable = userManager.getAuthorizable("anonymous");
((User) authorizable).disable("prevent anonymous login");
Thank you. Regards.
El mié, 19-01-2011 a las 11:16 +0100, Angela Schreiber escribió:
> hi javier
>
> On 1/19/11 11:00 AM, Javier Arias wrote:
> > Hi Angela, my problem was solved. The problem was: supose I have
> > "jackrabbit-standalone" in the
> > folder: /home/user/server/jackrabbit-standalone.jar when you start
> > jackrabbit-standalone it creates a folder "jackrabbit". I was creating a
> > TransientRepository with url /home/user/server/ and not
> > with /home/user/server/jackrabbit taht is the correct. Now it works
> > perfectly.
> >
> > Besides , I have a new task. I want to allow only two users for my
> > webdav server. One user will be admin. I have changed his password and I
> > will use it only for management tasks. I have created another user to
> > access to the repository to add and remove files, but with him, I can
> > not upload resources to server. How I give him privileges to do it?
>
> use the jcr access control management to grant this editing user
> the permissions to manipulate a node (and it's child nodes)... this most
> probably includes the following privileges:
>
> jcr:modifyProperties
> jcr:addChildNodes
> jcr:removeNodes
> jcr:removeChildNode
> and eventually jcr:nodetypeManagement
>
> the first 4 privileges are aggregated in jcr:write, while rep:write
> also includes the latter privilege.
>
> something like:
>
> 1. access the ac manager by means of session.getAccessControlManager()
> 2. retrieve the applicable policies at your target node or -
> alternatively - the policies already set to have them modified.
> 3. in jr the policies are normally accesscontrollist(s) -> modify
> the acl by granting the privileges for your users principal
> (User.getPrincipal)
> 4. reapply the modified policy (AcMgr.setPolicy)
> 5. save the changes in order to have them take effect
>
> JSR283 and the API javadoc may give you some additional information
> about how it works. jackrabbit in addition defines some extensions
> to the JCR api.
>
> > Another problem is with anonymous user. I have removed this user but
> > when I start the server, it is created again. I have tried too change
> > the anonymous password but it does not work, the password is always the
> > same. It is a problem because everyone can access with
> > "anonymous/anonymous".
>
> the system users admin and anonymous are always recreated in the default
> setup. but you may "disable" the anonymous user. this will prevent any
> login as this user... see
>
> org.apache.jackrabbit.api.security.user.User#disable(String)
>
> hope that helps
> angela
> > Thank you. Best regards.
> >
> >
> > El mar, 18-01-2011 a las 14:23 +0100, Angela Schreiber escribió:
> >> hi javier
> >>
> >> and you are really sure that you changed to admin-password in the
> >> repository instance you are accessing with the http request?
> >>
> >> from the top of my head i don't see any reason, why you should
> >> be able to login with another password than the one stored with
> >> the corresponding use.... and - as far as i know - there was no
> >> other login that a simple repository.login whose behavior depends
> >> on the configured login module.
> >>
> >> regards
> >> angela
> >>
> >>
> >> On 1/17/11 1:04 PM, Javier Arias wrote:
> >>> About the last email, I have copied a repository.xml that I had saved in
> >>> another folder. And now I can execute my code and I do not have problem
> >>> with userManager.
> >>>
> >>> But the behaviour of the server is strange. I have changed the admin
> >>> password, now the password is admin2. If I login from java code, I must
> >>> type, username = "admin" and password = "admin2". If I loggin from
> >>> browser I must type username = "admin" and password = "admin2", this is
> >>> very strange!! The same occur if I create a new user. From Java code I
> >>> can loggin with new user, but from the browser I can not loggin in.
> >>> I think it can be from repository configuration. Do you have a
> >>> configuration file as default?
> >>> I have attached my repository.xml if you want see it.
> >>>
> >>> Thank you. Regards.
> >
> >
> >
Re: New information about my last email...
Posted by Angela Schreiber <an...@adobe.com>.
hi javier
On 1/19/11 11:00 AM, Javier Arias wrote:
> Hi Angela, my problem was solved. The problem was: supose I have
> "jackrabbit-standalone" in the
> folder: /home/user/server/jackrabbit-standalone.jar when you start
> jackrabbit-standalone it creates a folder "jackrabbit". I was creating a
> TransientRepository with url /home/user/server/ and not
> with /home/user/server/jackrabbit taht is the correct. Now it works
> perfectly.
>
> Besides , I have a new task. I want to allow only two users for my
> webdav server. One user will be admin. I have changed his password and I
> will use it only for management tasks. I have created another user to
> access to the repository to add and remove files, but with him, I can
> not upload resources to server. How I give him privileges to do it?
use the jcr access control management to grant this editing user
the permissions to manipulate a node (and it's child nodes)... this most
probably includes the following privileges:
jcr:modifyProperties
jcr:addChildNodes
jcr:removeNodes
jcr:removeChildNode
and eventually jcr:nodetypeManagement
the first 4 privileges are aggregated in jcr:write, while rep:write
also includes the latter privilege.
something like:
1. access the ac manager by means of session.getAccessControlManager()
2. retrieve the applicable policies at your target node or -
alternatively - the policies already set to have them modified.
3. in jr the policies are normally accesscontrollist(s) -> modify
the acl by granting the privileges for your users principal
(User.getPrincipal)
4. reapply the modified policy (AcMgr.setPolicy)
5. save the changes in order to have them take effect
JSR283 and the API javadoc may give you some additional information
about how it works. jackrabbit in addition defines some extensions
to the JCR api.
> Another problem is with anonymous user. I have removed this user but
> when I start the server, it is created again. I have tried too change
> the anonymous password but it does not work, the password is always the
> same. It is a problem because everyone can access with
> "anonymous/anonymous".
the system users admin and anonymous are always recreated in the default
setup. but you may "disable" the anonymous user. this will prevent any
login as this user... see
org.apache.jackrabbit.api.security.user.User#disable(String)
hope that helps
angela
> Thank you. Best regards.
>
>
> El mar, 18-01-2011 a las 14:23 +0100, Angela Schreiber escribió:
>> hi javier
>>
>> and you are really sure that you changed to admin-password in the
>> repository instance you are accessing with the http request?
>>
>> from the top of my head i don't see any reason, why you should
>> be able to login with another password than the one stored with
>> the corresponding use.... and - as far as i know - there was no
>> other login that a simple repository.login whose behavior depends
>> on the configured login module.
>>
>> regards
>> angela
>>
>>
>> On 1/17/11 1:04 PM, Javier Arias wrote:
>>> About the last email, I have copied a repository.xml that I had saved in
>>> another folder. And now I can execute my code and I do not have problem
>>> with userManager.
>>>
>>> But the behaviour of the server is strange. I have changed the admin
>>> password, now the password is admin2. If I login from java code, I must
>>> type, username = "admin" and password = "admin2". If I loggin from
>>> browser I must type username = "admin" and password = "admin2", this is
>>> very strange!! The same occur if I create a new user. From Java code I
>>> can loggin with new user, but from the browser I can not loggin in.
>>> I think it can be from repository configuration. Do you have a
>>> configuration file as default?
>>> I have attached my repository.xml if you want see it.
>>>
>>> Thank you. Regards.
>
>
>
Re: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
Hi Angela, my problem was solved. The problem was: supose I have
"jackrabbit-standalone" in the
folder: /home/user/server/jackrabbit-standalone.jar when you start
jackrabbit-standalone it creates a folder "jackrabbit". I was creating a
TransientRepository with url /home/user/server/ and not
with /home/user/server/jackrabbit taht is the correct. Now it works
perfectly.
Besides , I have a new task. I want to allow only two users for my
webdav server. One user will be admin. I have changed his password and I
will use it only for management tasks. I have created another user to
access to the repository to add and remove files, but with him, I can
not upload resources to server. How I give him privileges to do it?
Another problem is with anonymous user. I have removed this user but
when I start the server, it is created again. I have tried too change
the anonymous password but it does not work, the password is always the
same. It is a problem because everyone can access with
"anonymous/anonymous".
Thank you. Best regards.
El mar, 18-01-2011 a las 14:23 +0100, Angela Schreiber escribió:
> hi javier
>
> and you are really sure that you changed to admin-password in the
> repository instance you are accessing with the http request?
>
> from the top of my head i don't see any reason, why you should
> be able to login with another password than the one stored with
> the corresponding use.... and - as far as i know - there was no
> other login that a simple repository.login whose behavior depends
> on the configured login module.
>
> regards
> angela
>
>
> On 1/17/11 1:04 PM, Javier Arias wrote:
> > About the last email, I have copied a repository.xml that I had saved in
> > another folder. And now I can execute my code and I do not have problem
> > with userManager.
> >
> > But the behaviour of the server is strange. I have changed the admin
> > password, now the password is admin2. If I login from java code, I must
> > type, username = "admin" and password = "admin2". If I loggin from
> > browser I must type username = "admin" and password = "admin2", this is
> > very strange!! The same occur if I create a new user. From Java code I
> > can loggin with new user, but from the browser I can not loggin in.
> > I think it can be from repository configuration. Do you have a
> > configuration file as default?
> > I have attached my repository.xml if you want see it.
> >
> > Thank you. Regards.
Re: New information about my last email...
Posted by Angela Schreiber <an...@adobe.com>.
hi javier
and you are really sure that you changed to admin-password in the
repository instance you are accessing with the http request?
from the top of my head i don't see any reason, why you should
be able to login with another password than the one stored with
the corresponding use.... and - as far as i know - there was no
other login that a simple repository.login whose behavior depends
on the configured login module.
regards
angela
On 1/17/11 1:04 PM, Javier Arias wrote:
> About the last email, I have copied a repository.xml that I had saved in
> another folder. And now I can execute my code and I do not have problem
> with userManager.
>
> But the behaviour of the server is strange. I have changed the admin
> password, now the password is admin2. If I login from java code, I must
> type, username = "admin" and password = "admin2". If I loggin from
> browser I must type username = "admin" and password = "admin2", this is
> very strange!! The same occur if I create a new user. From Java code I
> can loggin with new user, but from the browser I can not loggin in.
> I think it can be from repository configuration. Do you have a
> configuration file as default?
> I have attached my repository.xml if you want see it.
>
> Thank you. Regards.
configure persistenceManager with jndi
Posted by "Rojas Buitrago, Sergio" <sr...@indra.es>.
Hello.
I´m trying to configure my persistenceManager using jndi. I want to indicate the database configuration from bootstrap.properties config file, but don`t know how can I make it.
Is this possible?
My persistenceMangager looks like:
<PersistenceManager
class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="javax.naming.InitialContext" />
<param name="url" value="java:???" />
<param name="schemaObjectPrefix" value="${wsp.name}_" />
<param name="schema" value="postgresql" />
</PersistenceManager>
I don´t know what should i put in the url parameter, and how can I associate this with the keys in bootstrap.properties.
can anybody help me?
Thanks and regards.
Sergio Rojas Buitrago
Desarrollo Software
Gestión Documental
Ronda de Toledo s/n
13003. Ciudad Real
España
T +34 926 27 08 49
Ext: 237849
srojas@indra.es
www.indra.es
Este correo electrónico y, en su caso, cualquier fichero anexo al mismo, contiene información de carácter confidencial exclusivamente dirigida a su destinatario o destinatarios. Si no es vd. el destinatario indicado, queda notificado que la lectura, utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. En el caso de haber recibido este correo electrónico por error, se ruega notificar inmediatamente esta circunstancia mediante reenvío a la dirección electrónica del remitente.
Evite imprimir este mensaje si no es estrictamente necesario.
This email and any file attached to it (when applicable) contain(s) confidential information that is exclusively addressed to its recipient(s). If you are not the indicated recipient, you are informed that reading, using, disseminating and/or copying it without authorisation is forbidden in accordance with the legislation in effect. If you have received this email by mistake, please immediately notify the sender of the situation by resending it to their email address.
Avoid printing this message if it is not absolutely necessary.
Re: New information about my last email...
Posted by Alexander Klimetschek <ak...@adobe.com>.
On 17.01.11 17:52, "Javier Arias" <ja...@ujaen.es> wrote:
>I have achieved change the admin password by this Java code:
>
>Repository repository = new TransientRepository(new
> File(_repositoryToConnect));
>
>Session session = repository.login(new
>SimpleCredentials("admin","admin");
>
>UserManager userManager = ((JackrabbitSession)
>session).getUserManager();
>
>Authorizable authorizable = userManager.getAuthorizable("admin");
>
>boolean admin = ((User) authorizable).isAdmin();
>
>if (admin)
> {
> authorizable = userManager.getAuthorizable(user);
> ((User) authorizable).changePassword(newPassword);
> }
>
>session.save();
>session.logout();
Hmm, looks good to me.
> I am using the JackRabbit standalone.
I am not too knowledgable about that one, maybe the login there has an
issue...
Regards,
Alex
--
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel
Re: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
I have achieved change the admin password by this Java code:
Repository repository = new TransientRepository(new
File(_repositoryToConnect));
Session session = repository.login(new
SimpleCredentials("admin","admin");
UserManager userManager = ((JackrabbitSession)
session).getUserManager();
Authorizable authorizable = userManager.getAuthorizable("admin");
boolean admin = ((User) authorizable).isAdmin();
if (admin)
{
authorizable = userManager.getAuthorizable(user);
((User) authorizable).changePassword(newPassword);
}
session.save();
session.logout();
--------------------------------------------------
And the code to create user:
Repository repository = new TransientRepository(new
File(_repositoryToConnect));
Session session = (SessionImpl) repository.login(new
SimpleCredentials("admin,"admin");
UserManager userManager = (UserManager) ((JackrabbitSession)
session).getUserManager();
Authorizable authorizable = userManager.getAuthorizable(_userDav);
boolean admin = ((User) authorizable).isAdmin();
if (admin)
User createUser = userManager.createUser(newUser,newPassword);
session.save();
session.logout();
------------------------------------------------------
I am using the JackRabbit standalone.
El lun, 17-01-2011 a las 16:36 +0000, Alexander Klimetschek escribió:
> On 17.01.11 17:25, "Javier Arias" <ja...@ujaen.es> wrote:
> >I have achieved change admin password
>
> How did you change it?
>
> > and create a new user. I can
> >loggin in the server if I do it from Java code. If a try it from browser
> >(for example, Mozilla using url: http//localhost:8080), I only can
> >looggin using admin/admin.
>
> I suppose you are using the Jackrabbit standalone or the Jackrabbit webapp?
>
> >This is a problem because is someone connect
> >to my machine in port 8080, he can read all files content the
> >repository.
> >
> >Another ask is, how can I give privileges to a new user for add files to
> >the repository?
> >
> >In the repository.xmlI am using DefaultLogin and DeafultAccess
>
> Setting ACLs is the way to go. See:
>
>
> http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html (JCR
> 2.0 spec)
> http://wiki.apache.org/jackrabbit/AccessControl
> http://markmail.org/message/utmhahj5naevqpat
>
> Regards,
> Alex
>
Re: New information about my last email...
Posted by Alexander Klimetschek <ak...@adobe.com>.
On 17.01.11 17:25, "Javier Arias" <ja...@ujaen.es> wrote:
>I have achieved change admin password
How did you change it?
> and create a new user. I can
>loggin in the server if I do it from Java code. If a try it from browser
>(for example, Mozilla using url: http//localhost:8080), I only can
>looggin using admin/admin.
I suppose you are using the Jackrabbit standalone or the Jackrabbit webapp?
>This is a problem because is someone connect
>to my machine in port 8080, he can read all files content the
>repository.
>
>Another ask is, how can I give privileges to a new user for add files to
>the repository?
>
>In the repository.xmlI am using DefaultLogin and DeafultAccess
Setting ACLs is the way to go. See:
http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html (JCR
2.0 spec)
http://wiki.apache.org/jackrabbit/AccessControl
http://markmail.org/message/utmhahj5naevqpat
Regards,
Alex
--
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel
Re: New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
Hi Alexander,
The situation is the follow: I want to change the admin password because
admin/admin is not secure. After that I want to create a new user who I
will use to add files to the server and to acces to the server.
I have achieved change admin password and create a new user. I can
loggin in the server if I do it from Java code. If a try it from browser
(for example, Mozilla using url: http//localhost:8080), I only can
looggin using admin/admin. This is a problem because is someone connect
to my machine in port 8080, he can read all files content the
repository.
Another ask is, how can I give privileges to a new user for add files to
the repository?
In the repository.xmlI am using DefaultLogin and DeafultAccess
Thank you. Regards.
El lun, 17-01-2011 a las 13:47 +0000, Alexander Klimetschek escribió:
> On 17.01.11 12:04, "Javier Arias" <ja...@ujaen.es> wrote:
>
> >About the last email, I have copied a repository.xml that I had saved in
> >another folder. And now I can execute my code and I do not have problem
> >with userManager.
> >
> >But the behaviour of the server is strange. I have changed the admin
> >password, now the password is admin2. If I login from java code, I must
> >type, username = "admin" and password = "admin2". If I loggin from
> >browser I must type username = "admin" and password = "admin2", this is
> >very strange!!
>
> These two combinations are exactly the same - I guess you have a typo in
> there. Which login does not work or requires different credentials? And
> also, what browser login do you mean? Using Jackrabbit's webdav?
>
> Regards,
> Alex
>
Re: New information about my last email...
Posted by Alexander Klimetschek <ak...@adobe.com>.
On 17.01.11 12:04, "Javier Arias" <ja...@ujaen.es> wrote:
>About the last email, I have copied a repository.xml that I had saved in
>another folder. And now I can execute my code and I do not have problem
>with userManager.
>
>But the behaviour of the server is strange. I have changed the admin
>password, now the password is admin2. If I login from java code, I must
>type, username = "admin" and password = "admin2". If I loggin from
>browser I must type username = "admin" and password = "admin2", this is
>very strange!!
These two combinations are exactly the same - I guess you have a typo in
there. Which login does not work or requires different credentials? And
also, what browser login do you mean? Using Jackrabbit's webdav?
Regards,
Alex
--
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel
New information about my last email...
Posted by Javier Arias <ja...@ujaen.es>.
About the last email, I have copied a repository.xml that I had saved in
another folder. And now I can execute my code and I do not have problem
with userManager.
But the behaviour of the server is strange. I have changed the admin
password, now the password is admin2. If I login from java code, I must
type, username = "admin" and password = "admin2". If I loggin from
browser I must type username = "admin" and password = "admin2", this is
very strange!! The same occur if I create a new user. From Java code I
can loggin with new user, but from the browser I can not loggin in.
I think it can be from repository configuration. Do you have a
configuration file as default?
I have attached my repository.xml if you want see it.
Thank you. Regards.
Re: Doubt with username and password
Posted by Angela Schreiber <an...@adobe.com>.
why do you use the SimpleLoginModule? all Simple* parts in the
security code are not meant to be used in a productive environment
but are simple examples to demonstrate some basic rules. most of them
date back to v < 2.0 when jackrabbit didn't by default provide
real-life authentication and authorization mechanisms.
maybe a security configuration such as defined in
/jackrabbit-core/src/test/repository/repository.xml would be better
suited for you needs.
regards
angela
On 1/4/11 12:45 PM, Javier Arias wrote:
> Hi, I am new using JackRabbit. I have one problem, I need change the
> username and password to access to the repository. At the moment, I can
> access whit every password and user but, for my need, it is not
> secure.
>
> I have read the documentation and I have done the followings changes in
> the file "repository.xml":
>
>
> Afther that I restarted the server but it did not work.
>
> <LoginModule
> class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule">
> <!--
> anonymous user name ('anonymous' is the default value)
> -->
> <param name="anonymousId" value="user"/>
> <!--
> administrator user id (default value if param is missing
> is 'admin')
> -->
> <param name="adminId" value="pass"/>
> </LoginModule>
>
> Can anyone help me?
>
> Thanks a lot. Best regards.
>
>
Re: Doubt with username and password
Posted by Alexander Klimetschek <ak...@adobe.com>.
On 04.01.11 12:45, "Javier Arias" <ja...@ujaen.es> wrote:
><LoginModule
>class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule">
> <!--
> anonymous user name ('anonymous' is the default value)
> -->
> <param name="anonymousId" value="user"/>
> <!--
> administrator user id (default value if param is missing
>is 'admin')
> -->
> <param name="adminId" value="pass"/>
"adminId" is the user id of the administrator user, not a password. See
the comment above.
The SimpleLoginModule does not provide any secure authentication, it will
accept any password. There are three types of users, which are solely
separated by the user id: the anonymous user (given by anonymousId,
defaults to "anonymous") has only read rights. Then the administrative
super user (given by adminId, defaults to "admin"), which can do anything.
And finally any other user (all other user ids, needs no config) will have
normal read and write permissions, but not certain admin things like node
type management IIRC.
Regards,
Alex
--
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel