great, thanks! El jue, 1 jun 2023 a las 14:19, Angela Schreiber (<[email protected]>) escribió:
> hi jorge > > i believe you can even have a tiny simplification. instead of > > if (policy instanceof JackrabbitAccessControlPolicy && policy instanceof > AccessControlList) > > you could write: > > if (policy instanceof JackrabbitAccessControlList) > > because > > interface JackrabbitAccessControlList extends > JackrabbitAccessControlPolicy, AccessControlList > > hope that helps > angela > > ________________________________ > From: Jorge Flórez <[email protected]> > Sent: Thursday, June 1, 2023 20:37 > To: [email protected] <[email protected]> > Subject: Re: Moving to Oak 1.50 or newer > > EXTERNAL: Use caution when clicking on links or opening attachments. > > > Hi Angela. > > Thank you. I don't mind being extra careful :) , especially in this matter. > I think I just made all the changes, it seems it is working. > > This is the code I used to test getting the entries, in case anyone needs > it (or sees an error). > > JackrabbitSession jcrSession = (JackrabbitSession) session; > UserManager um = jcrSession.getUserManager(); > Authorizable authorizable = um.getAuthorizable(user); > JackrabbitAccessControlManager accessControlManager = > (JackrabbitAccessControlManager) session.getAccessControlManager(); > Principal userPrincipal = authorizable.getPrincipal(); > AccessControlPolicy[] policies = > > accessControlManager.getEffectivePolicies(Collections.singleton(userPrincipal)); > JackrabbitAccessControlPolicy jackrabbitPolicy; > AccessControlList acl; > AccessControlEntry[] entries; > List<String> privs; > String path; > JackrabbitAccessControlEntry jackrabbitEntry; > > for (AccessControlPolicy policy : policies) { > if (policy instanceof JackrabbitAccessControlPolicy && > policy instanceof AccessControlList) { > jackrabbitPolicy = (JackrabbitAccessControlPolicy) policy; > path = jackrabbitPolicy.getPath(); > LOG.warn(path); > > acl = (AccessControlList) policy; > entries = acl.getAccessControlEntries(); > > for (AccessControlEntry entry : entries) { > if(entry instanceof JackrabbitAccessControlEntry) { > jackrabbitEntry = (JackrabbitAccessControlEntry) entry; > LOG.warn("\tallow --> " + jackrabbitEntry.isAllow()); > privs = new ArrayList<>(); > for (Privilege priv : jackrabbitEntry.getPrivileges()) { > privs.add(priv.getName()); > } > LOG.warn("\t\t" + privs); > } > } > } > else { > LOG.warn("Unused policy " + policy.getClass().getName()); > } > } > > Best Regards. > > Jorge > > El jue, 1 jun 2023 a las 8:43, Angela Schreiber (<[email protected] > >) > escribió: > > > Hi Jorge > > > > I would recommend sticking with JCR/Jackrabbit API again, but I admit > that > > I am probably extra careful: > > > > > > * test if the AccessControlPolicy is an instanceof AccessControlList > > * get the list of AccessControlEntries > > * test if an AccessControlEntry is a JackrabbitAccessControlEntry > > > > If you want to use the ImmutableACL for simplicity you should in any case > > assert that a given policy is of that type before casting. That's > obviously > > possible. > > > > But obviously it depends on your needs. Just be aware that JCR API is > > pretty flexible and doesn't mandate any particular type of policy to be > > returned. So, relying on impl details may force you to adjust your code. > > > > Hope that helps > > Angela > > ________________________________ > > From: Jorge Flórez <[email protected]> > > Sent: Thursday, June 1, 2023 15:23 > > To: [email protected] <[email protected]> > > Subject: Re: Moving to Oak 1.50 or newer > > > > EXTERNAL: Use caution when clicking on links or opening attachments. > > > > > > Hi Angela, thank you for the suggestion. > > > > I passed from > > if(policy instanceof ImmutableACL) > > to > > if(policy instanceof JackrabbitAccessControlPolicy) > > > > I was a bit hesitant because the debugger was showing ImmutableAcl for > > those elements, but it works :) > > > > Thank you. > > > > I have a question, I have some other similar code that gets the entries > > (List<JackrabbitAccessControlEntry>). In that case I guess I should still > > use cast to ImmutableACL? > > > > Regards. > > > > Jorge > > > > > > > > El jue, 1 jun 2023 a las 2:19, Angela Schreiber > (<[email protected] > > >) > > escribió: > > > > > Hi Jorge > > > > > > Yes, that has changed with OAK-10135< > > > https://issues.apache.org/jira/browse/OAK-10135> for consistency > > reasons. > > > > > > Instead of casting to a spi class (ImmutableAcl) or checking for that > > one, > > > I would suggest you verify that the given effective policy is a > > > JackrabbitAccessControlPolicy. This is the interface that provides the > > > getPath() method. > > > > > > see > > > > > > https://github.com/apache/jackrabbit-oak/blob/trunk/oak-jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/JackrabbitAccessControlPolicy.java#L38 > > > > > > This way you don't rely on some implementation detail and it will work > > for > > > all types of policies provided by any kind of authorization model. > > > > > > hope that helps > > > Angela > > > ________________________________ > > > From: Jorge Flórez <[email protected]> > > > Sent: Wednesday, May 31, 2023 18:50 > > > To: [email protected] <[email protected]> > > > Subject: Re: Moving to Oak 1.50 or newer > > > > > > EXTERNAL: Use caution when clicking on links or opening attachments. > > > > > > > > > Hi, > > > it would seem there is a difference, when I have to get the node paths > > that > > > have an entry with a specific privilege for a user. > > > I am getting a > > > > > > java.lang.ClassCastException: class > > > > > > > > > org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ReadPolicy > > > cannot be cast to class > > > > > > > > > org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL > > > > > > Using > > > > > > JackrabbitSession jcrSession = (JackrabbitSession) session; > > > JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) > > > jcrSession.getAccessControlManager(); > > > AccessControlPolicy[] policies = > > > acMgr.getEffectivePolicies(Collections.singleton(userPrincipal)); > > > > > > for (AccessControlPolicy policy : policies) { > > > p = (ImmutableACL) policy; > > > path = p.getPath(); > > > //... > > > } > > > > > > The getEffectivePolicies method returns objects of type ImmutableACL > and > > an > > > object of type ReadPolicy. > > > I guess I will just have to check before casting, right? > > > > > > Jorge > > > > > > El mar, 23 may 2023 a las 8:24, Jorge Flórez (< > > > [email protected]>) > > > escribió: > > > > > > > Hi Marcel, > > > > thank you for your reply. Regarding MongoDB, it looks like we are > > > covered. > > > > I need to make some changes in my source code regarding the tika and > > > > tika-parsers version. And I got some warnings in the server log like > > > > > > > > WFLYSRV0003: Could not index class com/google/common/io/Closer.class > > > > WFLYSRV0003: Could not index class > > > > > > com/google/common/util/concurrent/AbstractListeningExecutorService.class > > > > WFLYSRV0003: Could not index class > > > > org/apache/jackrabbit/guava/common/io/Closer.class > > > > > > > > But besides that, it seems it will work :) > > > > I will let you all know if something comes up. > > > > > > > > Best Regards. > > > > Jorge > > > > > > > > El lun, 22 may 2023 a las 3:26, Marcel Reutegger > > > > (<[email protected]>) escribió: > > > > > > > >> Hi Jorge, > > > >> > > > >> On 16.05.23, 20:37, "Jorge Flórez" <[email protected]> > > > wrote: > > > >> > we are planning to update our oak dependencies, from 1.12.0 to > > 1.50.0 > > > >> > (or maybe 1.52.0). We are aware that we need to use Java 11 > (already > > > >> > using it) and update our Mongo servers. It seems it will be to > > > version 6 > > > >> > (not my decision). If I have existing repositories created and > > filled > > > >> > using 1.12.0, should I do something additional to make them work > > with > > > >> > the latest version of Oak? > > > >> > > > >> From a DocumentNodeStore perspective, I'm not aware of anything you > > need > > > >> to do for the update. The MongoDB Java driver is compatible with > > MongoDB > > > >> 6.0, but please note, our automated tests currently do not exercise > > this > > > >> combination. I suggest you properly test and report back if you > > identify > > > >> any issues on MongoDB 6.0. > > > >> > > > >> Regards > > > >> Marcel > > > >> > > > > > > > > > >
