You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by techie2k <de...@gmail.com> on 2014/09/24 09:42:38 UTC
Unable to access node properties
have created folder using superuser and provided read-only access to folder
for application user.
When trying to query all accessible folders(nt:folder), getting properties
list as empty.
Partial code to reproduce:
*Created folder:*
/public Node createFolder(Session adminSession) {
try {
Node parentNode = adminSession.getNode("/MyCompany/CommonFolder”);
if(!parentNode.hasNode("T1")){
Node node = parentNode.addNode("T1", "nt:folder");
node.addMixin("et:folderProperties");
node.setProperty("et:folderName", "T1");
node.addMixin("rep:AccessControllable");
session.save(); return node;
}else {
System.out.println("Node already exists");
}
} catch (RepositoryException e) {
e.printStackTrace();
}
return null;
}/
*Sharing to user(Principal based)
*
/accessControlManager = (JackrabbitAccessControlManager)
adminSession.getAccessControlManager();
accessControlPolicy =
accessControlManager.getApplicablePolicies(userPrincipal);
// for ex., principal is appuser1
if(accessControlPolicy != null && accessControlPolicy.length > 0) {
accessControlList = (JackrabbitAccessControlList)
accessControlPolicy[0];
}else {
accessControlPolicy = accessControlManager.getPolicies(userPrincipal);
accessControlList = (JackrabbitAccessControlList)
accessControlPolicy[0];
}
ValueFactory valueFactory = adminSession.getValueFactory();
//Tried all combinations, even providing with "JCR:ALL";
Privilege[] readPrivilege = new javax.jcr.security.Privilege[] {
accessControlManager.privilegeFromName(
javax.jcr.security.Privilege.JCR_READ),
accessControlManager.privilegeFromName(
javax.jcr.security.Privilege.JCR_NODE_TYPE_MANAGEMENT),
accessControlManager.privilegeFromName(
javax.jcr.security.Privilege.JCR_READ_ACCESS_CONTROL)};
Map<String, Value> restrictions = new HashMap<String, Value>();
restrictions.put("rep:nodePath",
valueFactory.createValue("/MyCompany/CommonFolder/T1",
PropertyType.PATH));
restrictions.put("rep:glob", valueFactory.createValue(""));
accessControlList.addEntry(userPrincipal, privileges, true ,
restrictions);
accessControlManager.setPolicy(accessControlList.getPath(),
accessControlList);
adminSession.save();/
*Printing all applicable folders for user*
/public void printAllFolders(Session userSession) {
QueryManager queryManager;
try {
queryManager = userSession.getWorkspace().getQueryManager();
String sql = "SELECT * FROM [nt:folder]";
Query query= queryManager.createQuery(sql, Query.JCR_SQL2);
QueryResult result = query.execute();
NodeIterator nodeIterator = result.getNodes();
System.out.println("Printing all applicable folders");
while(nodeIterator.hasNext()) {
Node node = nodeIterator.nextNode();
System.out.println("Folder Name:" + node.getName() + "; path: "
+ node.getPath());
PropertyIterator pIterator = node.getProperties();
while (pIterator.hasNext()){ //Returning empty for path
"/MyCompany/CommonFolder/T1"
Property property = pIterator.nextProperty();
if (property.getDefinition().isMultiple()) {
Value[] values = property.getValues();
for(Value v11: values) {
QValueValue value = (QValueValue)v11;
System.out.println(String.format("Multi-valued
property for node:
'%s' - %s has
values",node.getName(),
property.getName()
,value.getString()));
}
} else {
QValueValue value = (QValueValue)
property.getValue();
String strValue = value.getString();
System.out.println(String.format("property for
node: '%s' - %s has value
%s",node.getName(),property.getName(),strValue));
}
}
}
} catch (RepositoryException e) {
e.printStackTrace();
}
}/
Using Jackrabbit(2.6.0 version) and JCR( 2.0 version).
Any pointers on this?
--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp4661416.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
Re: Unable to access node properties
Posted by techie2k <de...@gmail.com>.
Could someone help me on resolving this issue?
--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp4661416p4661427.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
Re: Unable to access node properties
Posted by techie2k <de...@gmail.com>.
Hi,
Created folder "Root1", so the path becomes "/Root1" and applied with
rep:glob value as "".
Node node = session.getNode("/Root1");
node.getProperties() // *Yields empty array. *
And the following, prints value
System.out.println("UID/Name ::: " + node.getIdentifier() + "/"
+node.getName());
My question is why only properties of node are restricted, even only a
folder created under root?
Thanks.
--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp4661416p4661445.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
Re: Unable to access node properties
Posted by Angela Schreiber <an...@adobe.com>.
Hi
See the previous posts:
- * /foo | "" | matches /foo only
- The evaluation in jackrabbit-core works on path and not on individual
types of items.
Regards
Angela
On 01/10/14 14:21, "techie2k" <de...@gmail.com> wrote:
>Hi Angela,
>
>I wanted to get properties of node as well.
>
>Created folder : */1/CommonFolder/Shared1*
>
>Given acl access(rep:glob value with "") to /"/1" , "/1/CommonFolder"/
>And rep:glob value with "*" to path *"/1/CommonFolder/Shared1"*.
>
>JCR SQL2 Query : Select * from [nt:folder];
>
>Results in node.getProperties(),
> 1. is empty for /"/1/"/ ,
> 2. is empty for /"/1/CommonFolder"/
> 3. lists out all for /"/1/CommonFolder/Shared1" /
>
>
>My question is, "rep:glob" with empty string pattern will restrict
>accessing
>node properties or my security config settings is the issue?
>
>Thanks.
>
>
>
>--
>View this message in context:
>http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp
>4661416p4661434.html
>Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
Re: Unable to access node properties
Posted by techie2k <de...@gmail.com>.
Hi Angela,
I wanted to get properties of node as well.
Created folder : */1/CommonFolder/Shared1*
Given acl access(rep:glob value with "") to /"/1" , "/1/CommonFolder"/
And rep:glob value with "*" to path *"/1/CommonFolder/Shared1"*.
JCR SQL2 Query : Select * from [nt:folder];
Results in node.getProperties(),
1. is empty for /"/1/"/ ,
2. is empty for /"/1/CommonFolder"/
3. lists out all for /"/1/CommonFolder/Shared1" /
My question is, "rep:glob" with empty string pattern will restrict accessing
node properties or my security config settings is the issue?
Thanks.
--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp4661416p4661434.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
Re: Unable to access node properties
Posted by Angela Schreiber <an...@adobe.com>.
hi shabeer
>So with jackrabbit core, how can I restrict access privilege to path
>against
>user principal, if not using "rep:glob" restriction pattern?
with jackrabbit-core you can only use the rep:glob restriction to limit
the effect of a given ACE to those paths that match the specified globbing
pattern. since the permission evaluation in jackrabbit core is by path
it doesn't distinguish properties and nodes.
in other words: the globbing pattern will only be useful if you follow
some name convention that can then be covered by the globbing... there is
no way to specifically grant read access to properties or nodes only.
as of oak 1.0 it's slightly different:
- jcr:read is an aggregation of rep:readNodes and rep:readProperties
- permission evaluation is item base (node/property) and not path based
- oak provides a low level extension point for restrictions and you can
plug your custom restrictions at runtime.
kind regards
angela
>"rep:glob" with ""(empty string) restriction provides access to read node
>path and not its properties makes me puzzled.
>
>
>
>Thanks,
>Shabeer.
>
>
>
>--
>View this message in context:
>http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp
>4661416p4661419.html
>Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
Re: Unable to access node properties
Posted by techie2k <de...@gmail.com>.
Hi Angela,
Thanks for your reply.
So with jackrabbit core, how can I restrict access privilege to path against
user principal, if not using "rep:glob" restriction pattern?
"rep:glob" with ""(empty string) restriction provides access to read node
path and not its properties makes me puzzled.
Thanks,
Shabeer.
--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp4661416p4661419.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
Re: Unable to access node properties
Posted by techie2k <de...@gmail.com>.
Hi Angela,
Thanks for your reply.
So with jackrabbit core, how can I restrict access privilege to path against
user principal, if not using "rep:glob" restriction pattern?
"rep:glob" with ""(empty string) restriction provides access to read node
path and not its properties makes me puzzled.
Thanks,
Shabeer.
--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp4661416p4661418.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
Re: Unable to access node properties
Posted by Angela Schreiber <an...@adobe.com>.
hi
but you created a rep:glob restriction that limits access to the
target node....
copied from javadoc of the globbing pattern:
* Please note the following special cases:
* <pre>
* NodePath | Restriction | Matches
*
---------------------------------------------------------------------------
--
* /foo | null | matches /foo and all children of /foo
* /foo | "" | matches /foo only
in jackrabbit 2.x you can't distinguish between read access to
properties and nodes. as of oak the jcr:read privilege is an
aggregation of reading properties and reading nodes privileges
and you could setup the permissions such that you can read
the node and it's properties but not the subtree.
hope that helps
angela
On 24/09/14 09:42, "techie2k" <de...@gmail.com> wrote:
> have created folder using superuser and provided read-only access to
>folder
>for application user.
>
>When trying to query all accessible folders(nt:folder), getting properties
>list as empty.
>
>Partial code to reproduce:
>
>*Created folder:*
>
>/public Node createFolder(Session adminSession) {
> try {
> Node parentNode = adminSession.getNode("/MyCompany/CommonFolder²);
>
> if(!parentNode.hasNode("T1")){
> Node node = parentNode.addNode("T1", "nt:folder");
>
> node.addMixin("et:folderProperties");
> node.setProperty("et:folderName", "T1");
> node.addMixin("rep:AccessControllable");
>
> session.save(); return node;
> }else {
> System.out.println("Node already exists");
> }
> } catch (RepositoryException e) {
> e.printStackTrace();
> }
> return null;
> }/
>
>*Sharing to user(Principal based)
>*
>/accessControlManager = (JackrabbitAccessControlManager)
> adminSession.getAccessControlManager();
>accessControlPolicy =
>accessControlManager.getApplicablePolicies(userPrincipal);
>// for ex., principal is appuser1
>
>if(accessControlPolicy != null && accessControlPolicy.length > 0) {
> accessControlList = (JackrabbitAccessControlList)
>accessControlPolicy[0];
>}else {
> accessControlPolicy =
>accessControlManager.getPolicies(userPrincipal);
> accessControlList = (JackrabbitAccessControlList)
>accessControlPolicy[0];
> }
>
> ValueFactory valueFactory = adminSession.getValueFactory();
>
> //Tried all combinations, even providing with "JCR:ALL";
> Privilege[] readPrivilege = new javax.jcr.security.Privilege[] {
>
> accessControlManager.privilegeFromName(
> javax.jcr.security.Privilege.JCR_READ),
> accessControlManager.privilegeFromName(
>
>javax.jcr.security.Privilege.JCR_NODE_TYPE_MANAGEMENT),
> accessControlManager.privilegeFromName(
>
>javax.jcr.security.Privilege.JCR_READ_ACCESS_CONTROL)};
>
> Map<String, Value> restrictions = new HashMap<String, Value>();
> restrictions.put("rep:nodePath",
>valueFactory.createValue("/MyCompany/CommonFolder/T1",
>
>PropertyType.PATH));
> restrictions.put("rep:glob", valueFactory.createValue(""));
>
> accessControlList.addEntry(userPrincipal, privileges, true ,
>restrictions);
> accessControlManager.setPolicy(accessControlList.getPath(),
>accessControlList);
> adminSession.save();/
>
>*Printing all applicable folders for user*
>
>/public void printAllFolders(Session userSession) {
>
> QueryManager queryManager;
> try {
> queryManager = userSession.getWorkspace().getQueryManager();
>
> String sql = "SELECT * FROM [nt:folder]";
> Query query= queryManager.createQuery(sql, Query.JCR_SQL2);
>
> QueryResult result = query.execute();
> NodeIterator nodeIterator = result.getNodes();
>
> System.out.println("Printing all applicable folders");
> while(nodeIterator.hasNext()) {
> Node node = nodeIterator.nextNode();
> System.out.println("Folder Name:" + node.getName() + "; path:
>"
>+ node.getPath());
> PropertyIterator pIterator = node.getProperties();
>
> while (pIterator.hasNext()){ //Returning empty for path
>"/MyCompany/CommonFolder/T1"
> Property property = pIterator.nextProperty();
> if (property.getDefinition().isMultiple()) {
> Value[] values = property.getValues();
> for(Value v11: values) {
> QValueValue value = (QValueValue)v11;
>
> System.out.println(String.format("Multi-valued
>property for node:
> '%s' - %s has
>values",node.getName(),
> property.getName()
>,value.getString()));
> }
> } else {
> QValueValue value = (QValueValue)
>property.getValue();
> String strValue = value.getString();
> System.out.println(String.format("property for
>node: '%s' - %s has value
>
>%s",node.getName(),property.getName(),strValue));
> }
> }
> }
>
> } catch (RepositoryException e) {
> e.printStackTrace();
> }
> }/
>
>Using Jackrabbit(2.6.0 version) and JCR( 2.0 version).
>Any pointers on this?
>
>
>
>
>--
>View this message in context:
>http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp
>4661416.html
>Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.