You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@jackrabbit.apache.org by aimran <ai...@gmail.com> on 2011/01/05 20:44:37 UTC

Import export fails for authorizable node

Hi I am trying to export and import a workspace [system view] using the API. 

However I am getting a strange error when trying to save the import data:

 javax.jcr.nodetype.ConstraintViolationException:
/jcr:root/rep:security/rep:authorizables/rep:users/u/u1/u1@test.com:
mandatory property {internal}password does not exist
        at
org.apache.jackrabbit.core.ItemImpl.validateTransientItems(ItemImpl.java:464)
        at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:1097)
        at org.apache.jackrabbit.core.SessionImpl.save(SessionImpl.java:920)


The exported XML seems to have the password field for the said user:
<sv:node sv:name="u1@test.com">
−
<sv:property sv:name="jcr:primaryType" sv:type="Name">
<sv:value>rep:User</sv:value>
</sv:property>
−
<sv:property sv:name="jcr:uuid" sv:type="String">
<sv:value>9a0dab63-beca-3def-b3c2-b73a878fe095</sv:value>
</sv:property>
−
<sv:property sv:name="email" sv:type="String">
<sv:value>u1@test.com</sv:value>
</sv:property>
−
<sv:property sv:name="jcr:created" sv:type="Date">
<sv:value>2011-01-05T13:08:12.890-06:00</sv:value>
</sv:property>
−
<sv:property sv:name="jcr:createdBy" sv:type="String">
<sv:value>admin</sv:value>
</sv:property>
−
<sv:property sv:name="rep:password" sv:type="String">
<sv:value>{sha1}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</sv:value>
</sv:property>
−
<sv:property sv:name="rep:principalName" sv:type="String">
<sv:value>u1@test.com</sv:value>
</sv:property>
</sv:node>

Is there a solution for this? Is this a bug?

Also, another related question:
I understand that jcr:system cannot be exported/imported... can the
"jcr:security" and "jcr:policy" be exported/imported?

Thanks,
Imran
-- 
View this message in context: http://jackrabbit.510166.n4.nabble.com/Import-export-fails-for-authorizable-node-tp3176272p3176272.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Re: Import export fails for authorizable node

Posted by Angela Schreiber <an...@adobe.com>.

hi

> Some other confusion points that I have:
> - Since export/import is per workspace basis and access

correct, xml-import is on a per workspace basis and you can only
import content to the workspace your session is attached to.

> control+security+system data is stored above/outside the work space level
> [right?],

no... it depends.
- those access control provider implementations in JR that write the ac
   content to the repository are working on a per workspace level.
- with user management it depends on the implementation. initially in
   JR 1.6 user data were kept in a dedicated workspace once for the whole
   repository. since we were struggling with this approach @Day we
   decided to create an alternative implementation that stores user data
   separately for each workspace (-> UserPerWorkspaceSecurityManager,
   -> UserPerWorkspaceUserManager). obviously importing user-data can
   only be processed if we can assure that the import is operating on
   the same workspace.

if importing users fails in you case, i suggest to verify if the
UserImporter is really initialized upon Session.importXML... that is
reason i consider to be most likely for the failure.
if this isn't the problem source i would like to ask you to provide
a simple testcase including a repository configuration that allows
us to reproduce the problem. see UserImporterTest.java for the testcases
present in the code base.

> then how exactly is the other information supposed to be exported/imported.

non-protected jcr items will be processed during the regular import and 
so are protected properties defined by the built-in node types 
(jcr:uuid, jcr:mixinTypes, jcr:baseVersion, jcr:versionHistory etc.)
any other protected items will be ignored during import UNLESS there is
a importhandler configured that is able to handle those protected items.
by default jackrabbit defines handlers for access control content as
created by jackrabbit's accesscontrolprovider implementations and 
user/group items.

hope that helps
angela

Re: Import export fails for authorizable node

Posted by aimran <ai...@gmail.com>.

Angela, thanks for your reply.

I added the <import> fragment in under the <workspace> element, but I still
get the same error: "..mandatory property {internal}password does not
exist.."

Here's some more info, in case I am doing something wrong:
- Using UserPerWorkspaceSecurityManager SecurityManager
- Running a Jackrabbit 2.1.2 transient repository over derby
- Created a workspace and added a new user in the workspace with UserManager
api
- Added some content
- Set access control  on the added content for the new User
- Exported the workspace XML with the session API [logged in as Admin]. The
exported XML dump shows the new user, content and the ACL
- Importing into another repository that already has the workspace
pre-created, but is empty. Also the config file has the import setting
provided by Angela. This is where it bombs. 
-- Tried to export/import from root path "/":FAILS.mandatory property
password... exception
-- Tried to export/import just the "/rep:security": FAILS. Creates a second
security node [ /rep:security[2]/rep:authorizab...] instead on overriding
the current one and also thows the "mandatory property..." exception.
-- If I import export just the application content it imports, but all the
ACL settings are lost.


What else should I be doing? Can someone please provide some clear steps on
how to go about exporting and import all data relevant to a workspace?


Some other confusion points that I have:
- Since export/import is per workspace basis and access
control+security+system data is stored above/outside the work space level
[right?], then how exactly is the other information supposed to be
exported/imported.
- Since export/import doesnt support versions and other system data, what
exactly is the purpose/motivation behind the import export API. IMHO, it
doesnt seem to provide any value as the import/export doesnt keep the two
workspaces in sync. What is its use case?

-- 
View this message in context: http://jackrabbit.510166.n4.nabble.com/Import-export-fails-for-authorizable-node-tp3176272p3177654.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Re: Import export fails for authorizable node

Posted by Angela Schreiber <an...@adobe.com>.

> Also, another related question:
> I understand that jcr:system cannot be exported/imported... can the
> "jcr:security" and "jcr:policy" be exported/imported?

both ac content and user/group content can be imported by
using Session.importXml (currently workspace import isn't supported
yet). but you have to make sure that your workspace configuration is
properly set as the default behavior is that protected items
are ignored during session import.

example:

<Workspace>
    [...]
    <!--
     XML Import configuration of the workspace
    -->
    <Import>
	<ProtectedItemImporter 
class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
	<ProtectedItemImporter 
class="org.apache.jackrabbit.core.security.user.UserImporter">
	<param name="importBehavior" value="besteffort"/>
	</ProtectedItemImporter>
    </Import>
</Workspace>

hope that helps
angela