Hi,
We are developing our Electronic Document Management System in which we
have used Apache Jackrabbit for the storage and management of documents.
For the development of this project we have used Spring framework of java
programming language. In case of External Login with LDAP we are getting a
issue in which we had successful login to repository using LDAP user but
when we are trying to access root folder of any workspace. So we are trying
to setPolicy on root path of a workspace using admin user. But we haven't
found AdminPrincipal while using external login.
I use the code given below to login and get AccessControlPolicy or
AccessControlList to set Policy on root path using AccessControlManager.
But we found empty iterator from aMgr.getPolicies(path) or
aMgr.getApplicablePolicies(path); methods.User user = ((User)
js.getUserManager().getAuthorizable(userid));
Session session = new TransientRepository().login(new
SimpleCredential("username","password".toCharArray()));
JackrabbitSession js = (JackrabbitSession) session;
Principal principal = user.getPrincipal();
AccessControlManager aMgr = session.getAccessControlManager();
Privilege[] privileges = new Privilege[] {
aMgr.privilegeFromName(Privilege.JCR_ALL) };
JackrabbitAccessControlList acl;
try{
acl = (JackrabbitAccessControlList) aMgr.getPolicies(path)[0];
}catch(Exception e ){
acl = (JackrabbitAccessControlList)
aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
}
// remove all existing entries
for (AccessControlEntry e : acl.getAccessControlEntries()) {
System.out.println(e.getPrivileges());
}
acl.addAccessControlEntry(principal, privileges);
Map<String, Value> restrictions = new HashMap<String, Value>();
ValueFactory vf = session.getValueFactory();
restrictions.put("rep:nodePath", vf.createValue(path,
PropertyType.PATH));
restrictions.put("rep:glob", vf.createValue("*"));
acl.addEntry(principal, privileges, false /* allow or deny */,
restrictions);
aMgr.setPolicy(path, acl);
session.save();
Can we do any setting, so that each user login have all permission on
repository.. Please suggest a way to do so or if there is a problem with my
approach.
Here is setting which I using for JaasAuthentication.
<?xml version="1.0"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE Repository
PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 2.0//EN"
"http://jackrabbit.apache.org/dtd/repository-2.0.dtd";>
<!-- Example Repository Configuration File
Used by
- org.apache.jackrabbit.core.config.RepositoryConfigTest.java
-
-->
<Repository>
<!--
virtual file system where the repository stores global state
(e.g. registered namespaces, custom node types, etc.)
-->
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/repository"/>
</FileSystem>
<!--
data store configuration
-->
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore"/>
<!--
security configuration
-->
<Security appName="Jackrabbit">
<!--
security manager:
class: FQN of class implementing the JackrabbitSecurityManager
interface
-->
<SecurityManager
class="org.apache.jackrabbit.core.DefaultSecurityManager"
workspaceName="security">
<!--
workspace access:
class: FQN of class implementing the WorkspaceAccessManager
interface
-->
<!-- <WorkspaceAccessManager class="..."/> -->
<!-- <param name="config" value="${rep.home}/security.xml"/> -->
</SecurityManager>
<!--
access manager:
class: FQN of class implementing the AccessManager interface
-->
<AccessManager
class="org.apache.jackrabbit.core.security.DefaultAccessManager">
<!-- <param name="config" value="${rep.home}/access.xml"/> -->
</AccessManager>
<LoginModule
class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
<!--
anonymous user name ('anonymous' is the default value)
-->
<param name="anonymousId" value="anonymous"/>
<!--
administrator user id (default value if param is missing is
'admin')
-->
<param name="adminId" value="admin"/>
</LoginModule>
</Security>
<!--
location of workspaces root directory and name of default workspace
-->
<Workspaces rootPath="${rep.home}/workspaces"
defaultWorkspace="default"/>
<!--
workspace configuration template:
used to create the initial workspace if there's no workspace yet
-->
<Workspace name="${wsp.name}">
<!--
virtual file system of the workspace:
class: FQN of class implementing the FileSystem interface
-->
<FileSystem
class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}"/>
</FileSystem>
<!--
persistence manager of the workspace:
class: FQN of class implementing the PersistenceManager
interface
-->
<PersistenceManager
class="org.apache.jackrabbit.core.persistence.pool.DerbyPersistenceManager">
<param name="url" value="jdbc:derby:${wsp.home}/db;create=true"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
</PersistenceManager>
<!--
Search index and the file system it uses.
class: FQN of class implementing the QueryHandler interface
-->
<SearchIndex
class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index"/>
<param name="supportHighlighting" value="true"/>
</SearchIndex>
</Workspace>
<!--
Configures the versioning
-->
<Versioning rootPath="${rep.home}/version">
<!--
Configures the filesystem to use for versioning for the
respective
persistence manager
-->
<FileSystem
class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/version" />
</FileSystem>
<!--
Configures the persistence manager to be used for persisting
version state.
Please note that the current versioning implementation is based
on
a 'normal' persistence manager, but this could change in future
implementations.
-->
<PersistenceManager
class="org.apache.jackrabbit.core.persistence.pool.DerbyPersistenceManager">
<param name="url"
value="jdbc:derby:${rep.home}/version/db;create=true"/>
<param name="schemaObjectPrefix" value="version_"/>
</PersistenceManager>
</Versioning>
<!--
Search index for content that is shared repository wide
(/jcr:system tree, contains mainly versions)
-->
<SearchIndex
class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${rep.home}/repository/index"/>
<param name="supportHighlighting" value="true"/>
</SearchIndex>
<!--
Run with a cluster journal
-->
<Cluster id="node1">
<Journal class="org.apache.jackrabbit.core.journal.MemoryJournal"/>
</Cluster>
</Repository>
--
We look forward to a long and fruitful association with you.
*Thanks and Regards*
Rohit Tiwari
Software Engineer
*Address:* Silvereye IT Solutions Pvt. Ltd.,
Flat no-8, Greenwood Apartment,
22 Gokhale Marg, Lucknow - 226001,
Uttar Pradesh
*Call us @:* +91-522-2209945, +91-8874513737
*Visit us @:* www.silvereye.co
<http://www.google.com/url?q=http%3A%2F%2Fwww.silvereye.co&sa=D&sntz=1&usg=AFQjCNEkmf2lpjcs1nZBAD2YV2lQ3jGqDw>
