I too am looking forward to ditching my own implementation for this standard implementation.
Without knowing all the ins and outs of this release I may be able to shed some light on things.

The principals in Jackrabbit implement java.security.Principal (http://java.sun.com/j2se/1.4.2/docs/api/java/security/Principal.html). This includes the getName() method, which is used as a unique identifier for this particular principal. So a group and a user probably will not be able to have the same name.

ACEs are typically implemented with separate allow and deny entries. Setting an allow flag to true or false will not toggle an ACE but rather create an allow entry as well as a deny entry. Again I'm not sure of how everything works, but try casting the JackrabbitAccessControlList into something that supports a method such as removeAccessControlEntry(AccessControlEntry ace).

On Sun, Dec 21, 2008 at 2:44 PM, daveg0 <[email protected]> wrote:

> Hi,
>
> I am trying to learn the security API in Jackrabbit 1.5. I have managed to
> create a couple of users and allocate privileges to them. I have performed a
> query and the privileges appear to be honoured. However I tried to remove
> the privileges and they would not disappear, here is some example code:
>
> I am missing a few utility methods, but you can see what I am trying to do.
>
> I also don't understand how to create a group. It seems the only way to do
> this is via createGroup(Principal) but then this throws an exception about
> an existing authorizable with that name, so I can't see how to create a
> group. The getAuthorizable(String id) also seems to return a user with a
> matching name and will never return a group with the same name (if one could
> be created).
>
> I must be missing something,
>
> regards,
>
> Dave
>
>     @Test
>     public void testPortalPrivileges() throws Exception {
>         SessionImpl adminSession = (SessionImpl) getAdminSession();
>         UserManager userManager = adminSession.getUserManager();
>
>         Group portalGroup = null;
>
>         User portalUser = (User) userManager.getAuthorizable("portalGroup");
>         if (portalUser != null) {
>             // Not understanding how groups/users are managed???
>             // portalUser = userManager.createUser("portalGroup", "portalGroup");
>             // portalGroup = userManager.createGroup(portalUser.getPrincipal(), "/portal");
>         }
>
>         AccessControlManager accessControlManager = adminSession.getAccessControlManager();
>         Privilege[] privs = { accessControlManager.privilegeFromName(Privilege.JCR_READ) };
>
>         Session userSession = getUserSession(portalUser);
>         System.out.println("Query before privs granted..");
>         showQuery(userSession, "//portal/portal/pages//element(*,atom:Entry)");
>
>         addPrivileges(adminSession, portalPath, portalUser, privs);
>
>         System.out.println("Query after privs granted..");
>         showQuery(userSession, "//portal/portal/pages//element(*,atom:Entry)");
>
>         removePrivileges(adminSession, portalPath, portalUser, privs);
>
>         System.out.println("Query after privs removed..");
>         showQuery(userSession, "//portal/portal/pages//element(*,atom:Entry)");
>     }
>
>     protected void addPrivileges(SessionImpl adminSession, String path,
>             Authorizable auth, Privilege[] privs)
>             throws UnsupportedRepositoryOperationException, RepositoryException {
>         setPrivileges(adminSession, path, auth, privs, true);
>     }
>
>     protected void removePrivileges(SessionImpl adminSession, String path,
>             Authorizable auth, Privilege[] privs)
>             throws UnsupportedRepositoryOperationException, RepositoryException {
>         setPrivileges(adminSession, path, auth, privs, false);
>     }
>
>     protected void setPrivileges(SessionImpl adminSession, String path,
>             Authorizable auth, Privilege[] privs, boolean allow)
>             throws UnsupportedRepositoryOperationException, RepositoryException {
>         AccessControlManager accessControlManager = adminSession.getAccessControlManager();
>         AccessControlPolicyIterator restrictedPolicies =
>                 accessControlManager.getApplicablePolicies(path);
>         JackrabbitAccessControlList controlList =
>                 (JackrabbitAccessControlList) restrictedPolicies.nextAccessControlPolicy();
>         controlList.addEntry(auth.getPrincipal(), privs, allow);
>         accessControlManager.setPolicy(path, controlList);
>         adminSession.save();
>     }
>
> The privileges are added, but not removed
>
> --
> View this message in context:
> http://www.nabble.com/Jackrabbit-1.5-Security-help-required-tp21118423p21118423.html
> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
>

--
Todd Seiber
830 Fishing Creek Rd.
New Cumberland, PA 17070
h. 717-938-5778
c. 717-497-1742
e. [email protected]
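
Added example, not part of the original thread or of Jackrabbit's own code: one way to do the removal the reply suggests, deleting a principal's entries from the ACL already bound to the node instead of adding a deny entry. It assumes the standard JCR 2.0 `javax.jcr.security` API (Jackrabbit 1.5 shipped pre-release equivalents of these interfaces under its own package); the names `AceRemoval` and `removeEntriesFor` are hypothetical.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;

// Hypothetical helper class, written for this example only.
public final class AceRemoval {
    private AceRemoval() {}

    /**
     * Removes every ACE held by the given principal from the ACLs bound to path
     * and returns how many entries were removed.
     */
    public static int removeEntriesFor(Session adminSession, String path, Principal principal)
            throws RepositoryException {
        AccessControlManager acm = adminSession.getAccessControlManager();
        int removed = 0;
        // getPolicies() returns the policies already set on the node;
        // getApplicablePolicies() only lists policies that could still be added.
        for (AccessControlPolicy policy : acm.getPolicies(path)) {
            if (!(policy instanceof AccessControlList)) {
                continue; // not an entry-based policy, nothing to remove
            }
            AccessControlList acl = (AccessControlList) policy;
            boolean changed = false;
            // getAccessControlEntries() returns an array snapshot, so removing
            // from the list inside this loop is safe.
            for (AccessControlEntry ace : acl.getAccessControlEntries()) {
                // Principal.getName() is the unique identifier, as noted in the reply.
                if (ace.getPrincipal().getName().equals(principal.getName())) {
                    acl.removeAccessControlEntry(ace);
                    removed++;
                    changed = true;
                }
            }
            if (changed) {
                acm.setPolicy(path, acl); // write the modified list back to the node
            }
        }
        if (removed > 0) {
            adminSession.save(); // access control changes are transient until saved
        }
        return removed;
    }
}
```

A return value of 0 means no entry for that principal was bound at the path, which is worth checking before assuming the privilege is gone.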
