You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by techie2k <de...@gmail.com> on 2014/09/02 09:47:52 UTC
Jackrabbit - Unable to set acl(principal based) on specific path
I'm trying to set access for specific user to have restricted folder/files
access.
But "rep:glob" value is not reflecting as expected.
*For instance, I have created user by log-in as superuser*
/Session session = repository.login(new SimpleCredentials(superuser,
superuser.toCharArray()));
//Create User
UserManager userManager = ((JackrabbitSession) session).getUserManager();
User user =
(org.apache.jackrabbit.api.security.user.User)userManager.createUser(username,
password);/
*and setting access to user for specific path*
///Set Access Control to a path
ac.setAccessControl(session, superUser.getPrincipal(), user.getPrincipal(),
"/1/T30/T300/T3000/T30000", readPrivilege);
session.save();/
///Access Control method
public void setAccessControl(Session session, Principal superUser, Principal
userPrincipal, String nodePath,javax.jcr.security.Privilege[] privileges) {
AccessControlPolicy[] accessControlPolicy = null;
JackrabbitAccessControlList accessControlList = null;
JackrabbitAccessControlManager accessControlManager = null;
try {
accessControlManager = (JackrabbitAccessControlManager)
session.getAccessControlManager();
accessControlPolicy =
accessControlManager.getApplicablePolicies(userPrincipal); // or
getPolicies()
if(accessControlPolicy != null && accessControlPolicy.length >
0) {
accessControlList = (JackrabbitAccessControlList)
accessControlPolicy[0];
}else {
accessControlPolicy =
accessControlManager.getPolicies(userPrincipal);
accessControlList = (JackrabbitAccessControlList)
accessControlPolicy[0];
}
ValueFactory valueFactory = session.getValueFactory();
String[] tokens = nodePath.split("/");
final String DELIMITER = "/";
final String ROOT ="/";
Map<String, Value> restrictions = new HashMap<String, Value>();
//Apply privilege to user to have read only access to root
folder
restrictions.put("rep:nodePath", valueFactory.createValue(ROOT,
PropertyType.PATH));
//restrictions.put("rep:glob", valueFactory.createValue(""));
accessControlList.addEntry(userPrincipal, privileges, true ,
restrictions);
accessControlManager.setPolicy(accessControlList.getPath(),
accessControlList);
//Apply path-specific control
restrictions = new HashMap<String, Value>();
restrictions.put("rep:nodePath",
valueFactory.createValue(nodePath, PropertyType.PATH));
restrictions.put("rep:glob", valueFactory.createValue(""));
accessControlList.addEntry(userPrincipal, privileges, true ,
restrictions);
accessControlManager.setPolicy(accessControlList.getPath(),
accessControlList);
System.out.println("Done");
// finally set policy again & save
session.save();
} catch (UnsupportedRepositoryOperationException e) {
e.printStackTrace();
} catch (RepositoryException e) {
e.printStackTrace();
}
}/
*After setting permissions, log-in with created user and printing nodes,
lists out all the available paths and not the restricted paths applicable
for user.*
/JackrabbitAccessControlManager accessControlManager =
(JackrabbitAccessControlManager) session.getAccessControlManager();
queryManager = session.getWorkspace().getQueryManager();
String sql22 = "select * from [nt:folder]";
Query query22= queryManager.createQuery(sql22, Query.JCR_SQL2);
// execute query and fetch result
QueryResult result22 = query22.execute();
NodeIterator nodeIterator12 = result22.getNodes();
while(nodeIterator12.hasNext()) {
Node node = (Node)nodeIterator12.next();
System.out.println(node.getName());
}/
"rep:glob" set to empty string("") does not work.
Using Jackrabbit 2.6.0, JCR 2
--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Jackrabbit-Unable-to-set-acl-principal-based-on-specific-path-tp4661346.html
Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.