1

In a Jackrabbit repository, I'm trying to add privileges to a group. I want the "designers" group to be able to write into the /templates node.

This node (/templates) is a node of type nt:folder.

First, I create a group named "designers":

    userManager = jkSession.getUserManager();

    Roles[] rolesTable = { Roles.EDITOR, Roles.DESIGNER,
            Roles.OPERATOR, Roles.ADMINISTRATOR };

    for (Roles role : rolesTable) {

        userManager.createGroup(role.toString());

        ...

Then I assign privileges to this group for the /templates node:

    p = principalManager.findPrincipals(
            Roles.DESIGNER.toString(),
            PrincipalManager.SEARCH_TYPE_GROUP)
            .nextPrincipal();
    Node catalogNode = session.getRootNode().getNode("templates");

    AccessControlPolicyIterator accessControlPolicyIterator = accessControlManager
            .getApplicablePolicies(catalogNode.getPath());

    AccessControlPolicy policy = accessControlPolicyIterator
            .nextAccessControlPolicy();

    if (policy instanceof AccessControlList) {

        AccessControlList acl = (AccessControlList) policy;

        JackrabbitAccessControlList jackAcl = (JackrabbitAccessControlList) acl;
        jackAcl.addEntry(
                p,
                new Privilege[] {
                        accessControlManager
                                .privilegeFromName(Privilege.JCR_ADD_CHILD_NODES),
                        accessControlManager
                                .privilegeFromName(Privilege.JCR_READ),
                        accessControlManager
                                .privilegeFromName(Privilege.JCR_WRITE),
                        accessControlManager
                                .privilegeFromName(Privilege.JCR_REMOVE_NODE) },
                true, null);

Now I create a user and make him a member of the designers group:

    Principal principal = principalManager.findPrincipals(DESIGNER.toString(),
            PrincipalManager.SEARCH_TYPE_GROUP).nextPrincipal();
    Group roleToAssign = (Group) userManager.getAuthorizable(principal);

    user = userManager.createUser(login, password);

    roleToAssign.addMember(user);

Now I log in with that user and try addNode on /templates:

            lCredentials = new SimpleCredentials(login, new String(pPassword)
                    .toCharArray());
        }

        Repository tmpRepository = null;

        try {
            tmpRepository = repositoryFactory.getRepository(repositoryParams);
            session = tmpRepository.login(lCredentials, pWorkspace);

And I add a node to /templates:

    session.getRootNode().getNode("templates").addNode("test","nt:unstructured");

But it throws an access denied exception:

    javax.jcr.AccessDeniedException: Access denied.
    at org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:193)
    at org.apache.jackrabbit.core.NodeImpl.addNode(NodeImpl.java:1266)
    at org.apache.jackrabbit.core.session.AddNodeOperation.perform(AddNodeOperation.java:111)
    at org.apache.jackrabbit.core.session.AddNodeOperation.perform(AddNodeOperation.java:37)
    at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216)
    at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91)
    at org.apache.jackrabbit.core.NodeImpl.addNodeWithUuid(NodeImpl.java:1814)
    at org.apache.jackrabbit.core.NodeImpl.addNode(NodeImpl.java:1774)
    at org.apache.jackrabbit.commons.JcrUtils.getOrAddNode(JcrUtils.java:519)

I can't find documentation about ACLs on Jackrabbit groups. Please, can someone help me? Thanks.

4

1 Answer

2

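Fixed.

For the privileges of a principal (group or user), you need to use principal-based ACLs, not resource ACLs as I did in this post.

Principal-based ACLs are explained here:

Jackrabbit ACL (yes, this post is an RTFM case)

However, to add child nodes of a specific type, you need to add the privilege JCR_NODE_TYPE_MANAGEMENT to the privilege list.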

    privileges = new Privilege[] {
                                    accessControlManager
                                            .privilegeFromName(Privilege.JCR_ADD_CHILD_NODES),
                                    accessControlManager
                                            .privilegeFromName(Privilege.JCR_READ),
                                    accessControlManager
                                            .privilegeFromName(Privilege.JCR_WRITE),
                                    accessControlManager
                                            .privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT) };

Thanks.

answered 2012-10-26T13:26:18.107
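
The two points of the answer above (edit the principal's own policy, and include JCR_NODE_TYPE_MANAGEMENT), put together as an added example that is not code from the original posts or from the Jackrabbit project. The class and method names are hypothetical, and it assumes an administrative `JackrabbitSession` and a workspace whose access control provider supports principal-based policies.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;

public final class GroupAclExample {                       // hypothetical name
    /** Grants groupName read, write and node-type management for absPath. */
    public static void allowTypedWrites(JackrabbitSession admin, String groupName, String absPath)
            throws RepositoryException {
        Principal group = admin.getPrincipalManager().getPrincipal(groupName);
        if (group == null) {
            throw new AccessControlException("No such principal: " + groupName);
        }
        JackrabbitAccessControlManager acm =
                (JackrabbitAccessControlManager) admin.getAccessControlManager();
        // Reuse the policy already bound to the principal, else take the applicable one.
        JackrabbitAccessControlPolicy[] policies = acm.getPolicies(group);
        if (policies.length == 0) {
            policies = acm.getApplicablePolicies(group);
        }
        if (policies.length == 0 || !(policies[0] instanceof JackrabbitAccessControlList)) {
            throw new AccessControlException("No principal-based ACL available for " + groupName);
        }
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policies[0];
        Privilege[] privileges = {
            acm.privilegeFromName(Privilege.JCR_READ),
            // jcr:write is an aggregate that already contains jcr:addChildNodes and jcr:removeNode.
            acm.privilegeFromName(Privilege.JCR_WRITE),
            // Not part of jcr:write; needed when addNode() is given an explicit node type.
            acm.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT)
        };
        // A principal-based entry names its target node through the rep:nodePath restriction.
        Map<String, Value> restrictions = new HashMap<String, Value>();
        restrictions.put("rep:nodePath",
                admin.getValueFactory().createValue(absPath, PropertyType.PATH));
        acl.addEntry(group, privileges, true, restrictions);
        acm.setPolicy(acl.getPath(), acl);   // bind the modified policy
        admin.save();                        // ACL edits are transient until saved
    }
}
```

Calling `allowTypedWrites(adminSession, "DESIGNER", "/templates")` before the user logs in corresponds to the setup in the question; the group name must match whatever `Roles.DESIGNER.toString()` returned when the group was created.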