You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Francisco Carriedo Scher <fc...@gmail.com> on 2011/09/08 15:47:04 UTC

ACLs, ACEs, Privileges...

Hi there,

i am trying to assign the right permissions for the users to operate with
nodes (folders, files...). First of all i checked
http://wiki.apache.org/jackrabbit/AccessControl but the sample for Resource
Based ACLs is a TODO. Then i checked the API to see if it is explicit enough
to do my way with it, but it is not at least for me.

The point i am now at is the following: i can create users (and authenticate
them) and nodes (folders, files...) and i want to set permissions to allow /
disallow actions coming from the subjects over the nodes. Conceptually i
understand what i want to do (set up resource-based ACLs on the root node
that disallows access for every user except the administrator and another
one in each directory which allows access just for its onwer). I think that
the problem is that i am missing something when trying to work with the Java
code. The following piece is the way i access the privileges that the user
(representated by the session i guess) on a node (represented by the path):

[...]
        AccessControlManager acm = session.getAccessControlManager();
        *// MyOwnACLTemplate extends AbstractACLTemplate*
        AccessControlPolicy policy = new *MyOwnACLTemplate*(usersPath,
session.getValueFactory());
        *// AccessControlPolicy -- Implemented by --> AbstractACLTemplate*
        acm.setPolicy(usersPath, policy);
[...]

And in the last line, when trying to set the policy, i reach the following
code inside Jackrabbit:


    public void setPolicy(String absPath, AccessControlPolicy policy) throws
PathNotFoundException,

AccessControlException,

AccessDeniedException,

 RepositoryException
{

        checkInitialized();
        checkPermission(absPath, Permission.MODIFY_AC);
                    // This exception is always thrown
       * throw new AccessControlException("AccessControlPolicy " + policy +
" cannot be applied.");*

    }


As far as i understand and seeing the code (inside Jackrabbit), a policy
will never be assigned, isn't it? Should i write my own code to manage the
ACLs, Policies (set of ACEs, isn't it?) and so on?

BTW, am i in the right path to achieve what i described as my target? Or
results that managing ACLs in Jackrabbit is completely different to the path
i am following now?

Thanks in advance for your attention!