You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Ben Short <be...@benshort.co.uk> on 2009/11/27 13:55:32 UTC
Using the AccessControlManager to set a policy
Hi,
I'm trying to use the AccessControlManager to allow a user to have write
permissions to a node. But I can't see how to create a policy.
Can anyone give me any pointers?
Regards
Ben Short
Re: Using the AccessControlManager to set a policy
Posted by Ben Short <be...@benshort.co.uk>.
> please take a look at the API and the specification.
thank you for your patience
i have it working now.
AccessControlPolicyIterator it =
adminAcm.getApplicablePolicies(testRootNode.getPath());
while ( it.hasNext() ) {
AccessControlPolicy acp = it.nextAccessControlPolicy();
Privilege[] privileges = new
Privilege[]{adminAcm.privilegeFromName(Privilege.JCR_WRITE)};
((AccessControlList)acp).addAccessControlEntry(new
PrincipalImpl(anonymous.getUserID()), privileges);
adminAcm.setPolicy(testRootNode.getPath(), acp);
}
superuser.save();
Regards
Ben Short
2009/12/4 Angela Schreiber <an...@day.com>
>
> please take a look at the API and the specification.
>
> - JCR 2.0 provides AccessControlList
> - Jackrabbit API 2.0 in addition provides JackrabbitAccessControlList
> adding a couple of extensions.
>
> the implementation of the final JCR 2.0 will be available
> as of JR 2.0.
>
> older versions of jackrabbit (1.5, 1.6) don't reflect
> the latest version of the specification but intermediate
> states. if you are talking about JCR 2.0, please make
> sure, you refer to one of the jackrabbit 2.0-xyz releases.
>
> angela
>
> Ben Short wrote:
>>
>> Thanks Angela,
>>
>> Through a bit of trial and error I have the following which works as
>> expected.
>>
>> AccessControlPolicyIterator it =
>> adminAcm.getApplicablePolicies(testRootNode.getPath());
>> while ( it.hasNext() ) {
>> AccessControlPolicy acp = it.nextAccessControlPolicy();
>>
>> Privilege[] privileges = new
>> Privilege[]{adminAcm.privilegeFromName(Privilege.JCR_WRITE)};
>>
>> ((AbstractACLTemplate)acp).addEntry(new
>> PrincipalImpl(anonymous.getUserID()), privileges, true);
>>
>> adminAcm.setPolicy(testRootNode.getPath(), acp);
>>
>> }
>> superuser.save();
>>
>> It seems odd to me that I have to cast the AcessControlPolicy
>> to AbstractACLTemplate inorder, which is JackRabbit specific to add a new
>> entry. I wonder what the JCR 2 api dose not define an interface?
>>
>> Regards
>>
>> Ben Short
>>
>> 2009/12/4 Angela Schreiber <an...@day.com>
>>
>>> please take a look at the API.
>>>
>>> AccessControlManager#getApplicablePolicies
>>>
>>> -> for policies that can but haven't yet been applied
>>>
>>> AccessControlManager#getPolicies
>>>
>>> -> for policies that have been applied at a given path
>>> and can be removed again or edited/reapplied
>>>
>>> angela
>>>
>>
>
Re: Using the AccessControlManager to set a policy
Posted by Angela Schreiber <an...@day.com>.
please take a look at the API and the specification.
- JCR 2.0 provides AccessControlList
- Jackrabbit API 2.0 in addition provides JackrabbitAccessControlList
adding a couple of extensions.
the implementation of the final JCR 2.0 will be available
as of JR 2.0.
older versions of jackrabbit (1.5, 1.6) don't reflect
the latest version of the specification but intermediate
states. if you are talking about JCR 2.0, please make
sure, you refer to one of the jackrabbit 2.0-xyz releases.
angela
Ben Short wrote:
> Thanks Angela,
>
> Through a bit of trial and error I have the following which works as
> expected.
>
> AccessControlPolicyIterator it =
> adminAcm.getApplicablePolicies(testRootNode.getPath());
> while ( it.hasNext() ) {
> AccessControlPolicy acp = it.nextAccessControlPolicy();
>
> Privilege[] privileges = new
> Privilege[]{adminAcm.privilegeFromName(Privilege.JCR_WRITE)};
>
> ((AbstractACLTemplate)acp).addEntry(new
> PrincipalImpl(anonymous.getUserID()), privileges, true);
>
> adminAcm.setPolicy(testRootNode.getPath(), acp);
>
> }
> superuser.save();
>
> It seems odd to me that I have to cast the AcessControlPolicy
> to AbstractACLTemplate inorder, which is JackRabbit specific to add a new
> entry. I wonder what the JCR 2 api dose not define an interface?
>
> Regards
>
> Ben Short
>
> 2009/12/4 Angela Schreiber <an...@day.com>
>
>> please take a look at the API.
>>
>> AccessControlManager#getApplicablePolicies
>>
>> -> for policies that can but haven't yet been applied
>>
>> AccessControlManager#getPolicies
>>
>> -> for policies that have been applied at a given path
>> and can be removed again or edited/reapplied
>>
>> angela
>>
>
Re: Using the AccessControlManager to set a policy
Posted by Ben Short <be...@benshort.co.uk>.
Thanks Angela,
Through a bit of trial and error I have the following which works as
expected.
AccessControlPolicyIterator it =
adminAcm.getApplicablePolicies(testRootNode.getPath());
while ( it.hasNext() ) {
AccessControlPolicy acp = it.nextAccessControlPolicy();
Privilege[] privileges = new
Privilege[]{adminAcm.privilegeFromName(Privilege.JCR_WRITE)};
((AbstractACLTemplate)acp).addEntry(new
PrincipalImpl(anonymous.getUserID()), privileges, true);
adminAcm.setPolicy(testRootNode.getPath(), acp);
}
superuser.save();
It seems odd to me that I have to cast the AcessControlPolicy
to AbstractACLTemplate inorder, which is JackRabbit specific to add a new
entry. I wonder what the JCR 2 api dose not define an interface?
Regards
Ben Short
2009/12/4 Angela Schreiber <an...@day.com>
> please take a look at the API.
>
> AccessControlManager#getApplicablePolicies
>
> -> for policies that can but haven't yet been applied
>
> AccessControlManager#getPolicies
>
> -> for policies that have been applied at a given path
> and can be removed again or edited/reapplied
>
> angela
>
Re: Using the AccessControlManager to set a policy
Posted by Angela Schreiber <an...@day.com>.
please take a look at the API.
AccessControlManager#getApplicablePolicies
-> for policies that can but haven't yet been applied
AccessControlManager#getPolicies
-> for policies that have been applied at a given path
and can be removed again or edited/reapplied
angela
Re: Using the AccessControlManager to set a policy
Posted by Ben Short <be...@benshort.co.uk>.
Hi,
I have a really simple test case as follows:
public class UserManagerTests {
private Repository repository;
private Session superuser;
private Session anonymous;
Node testRootNode;
@Before
public void before() throws Exception {
repository = new TransientRepository();
superuser = repository.login(new SimpleCredentials("admin",
"admin".toCharArray()));
anonymous = repository.login(new SimpleCredentials("anonymous",
"anonymous".toCharArray()));
testRootNode = superuser.getRootNode().addNode("test_" +
Long.toString(System.currentTimeMillis()));
superuser.save();
}
@After
public void after() throws Exception {
testRootNode.remove();
superuser.save();
superuser.logout();
superuser = null;
repository = null;
}
@Test
public void testUserManager() throws Exception {
AccessControlManager adminAcm = getAccessControlManager(superuser);
AccessControlManager anonAcm = getAccessControlManager(anonymous);
Assert.assertFalse(anonAcm.hasPrivileges(testRootNode.getPath(),
privilegesFromName(Privilege.JCR_WRITE)));
// something here to allow anon user to write to our test node
adminAcm.setPolicy(testRootNode.getPath(), policy);
Assert.assertTrue(anonAcm.hasPrivileges(testRootNode.getPath(),
privilegesFromName(Privilege.JCR_WRITE)));
}
}
How do I get/create a policy for the anonymous user which will allow the
anonymous user to write to the test node? All the implementations of
AccessControlPolicy are not visible to to my code.
Regards
Ben
2009/11/27 Ben Short <be...@benshort.co.uk>
> Hi,
>
> I'm trying to use the AccessControlManager to allow a user to have write
> permissions to a node. But I can't see how to create a policy.
>
> Can anyone give me any pointers?
>
> Regards
>
> Ben Short
>