You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Francisco Carriedo Scher <fc...@gmail.com> on 2011/09/08 15:47:04 UTC
ACLs, ACEs, Privileges...
Hi there,
i am trying to assign the right permissions for the users to operate with
nodes (folders, files...). First of all i checked
http://wiki.apache.org/jackrabbit/AccessControl but the sample for Resource
Based ACLs is a TODO. Then i checked the API to see if it is explicit enough
to do my way with it, but it is not at least for me.
The point i am now at is the following: i can create users (and authenticate
them) and nodes (folders, files...) and i want to set permissions to allow /
disallow actions coming from the subjects over the nodes. Conceptually i
understand what i want to do (set up resource-based ACLs on the root node
that disallows access for every user except the administrator and another
one in each directory which allows access just for its onwer). I think that
the problem is that i am missing something when trying to work with the Java
code. The following piece is the way i access the privileges that the user
(representated by the session i guess) on a node (represented by the path):
[...]
AccessControlManager acm = session.getAccessControlManager();
*// MyOwnACLTemplate extends AbstractACLTemplate*
AccessControlPolicy policy = new *MyOwnACLTemplate*(usersPath,
session.getValueFactory());
*// AccessControlPolicy -- Implemented by --> AbstractACLTemplate*
acm.setPolicy(usersPath, policy);
[...]
And in the last line, when trying to set the policy, i reach the following
code inside Jackrabbit:
public void setPolicy(String absPath, AccessControlPolicy policy) throws
PathNotFoundException,
AccessControlException,
AccessDeniedException,
RepositoryException
{
checkInitialized();
checkPermission(absPath, Permission.MODIFY_AC);
// This exception is always thrown
* throw new AccessControlException("AccessControlPolicy " + policy +
" cannot be applied.");*
}
As far as i understand and seeing the code (inside Jackrabbit), a policy
will never be assigned, isn't it? Should i write my own code to manage the
ACLs, Policies (set of ACEs, isn't it?) and so on?
BTW, am i in the right path to achieve what i described as my target? Or
results that managing ACLs in Jackrabbit is completely different to the path
i am following now?
Thanks in advance for your attention!