AFAIK policy changes are only applied to new sessions, so if there are existing sessions still open, the new read-only policy won't be applied to them (I think the ACLs are cached in the sessions for performance reasons). A restart automatically gives you fresh new sessions.
Regards, Alex On Tue, Dec 30, 2008 at 8:35 PM, Cheng Zhang <[email protected]> wrote: > The problem is gone after I recreate the repository. Thank you, Todd. > > -Kevin > > > > ----- Original Message ---- > From: Todd Seiber <[email protected]> > To: [email protected] > Sent: Monday, December 29, 2008 1:28:03 PM > Subject: Re: limit user's permission to read only > > I have run this code against a newly initialized repositry and it is working > for me. How are you testing? Is it possible that there are other permissions > which are granting access? > > On Mon, Dec 29, 2008 at 2:10 PM, Cheng Zhang <[email protected]>wrote: > >> Hi, >> >> I'm new to Jackrabbit. Can anybody share me a piece of code about how to >> limit user's repository permission to read-only? My code below doesn't work. >> >> Repository repo = >> RepositoryAccessServlet.getRepository(pageContext.getServletContext()); >> SessionImpl jcrsession = (SessionImpl) repo.login(new >> SimpleCredentials("admin", "admin".toCharArray())); >> UserManager userManager = jcrsession.getUserManager(); >> User user = (User) userManager.getAuthorizable("anonymous"); >> AccessControlManager accessControlManager = >> jcrsession.getAccessControlManager(); >> String restrictedArea = "/"; >> >> org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator >> restrictedPolicies = >> accessControlManager.getApplicablePolicies(restrictedArea); >> >> >> org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList >> restrictedPolicy = >> >> >> (org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList) >> restrictedPolicies.nextAccessControlPolicy(); >> Privilege[] readonlyPrivileges = { >> >> accessControlManager.privilegeFromName(Privilege.JCR_READ), >> >> accessControlManager.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL), >> }; >> >> restrictedPolicy.addEntry(user.getPrincipal(), >> readonlyPrivileges, true); >> accessControlManager.setPolicy(restrictedArea, >> restrictedPolicy); >> >> jcrsession.save(); >> jcrsession.logout(); >> >> >> Your kind help is appreciated greatly. >> >> Thanks a lot, >> Kevin >> > > > > -- > Todd Seiber > 830 Fishing Creek Rd. > New Cumberland, PA 17070 > > h. 717-938-5778 > c. 717-497-1742 > e. [email protected] > > -- Alexander Klimetschek [email protected]
