yes stefan thanks,i was able to debug my application and reach this part of source code.but for what i see in JR 1.5 permissions types are changed right? also i have seen that there are many new classes such as Authorizable, User, Group...can i see these classes like a support for RBAC model?can you explain how do they work?
----- Original Message ----- Da : Stefan Guggisberg <[email protected]> A : [email protected] Oggetto : Re: removing a node needs to verify a WRITE or a REMOVE permission? Data : Thu, 22 Jan 2009 09:52:15 +0100 > On Wed, Jan 21, 2009 at 7:16 PM, Alessandro Cosenza > <[email protected]> wrote: > > so when i do node.remove( ) first WRITE is checked and > > then REMOVE??? i tried to debug my application but i > > wasn't able to get a point where AccessManager.isGranted > > is called with AccessManager.REMOVE passed-in parameter. > > take a look at the > ItemImpl#validateTransientItems(Iterator,Iterator) method. > it is called by ItemImpl#save(). > > the following code is executed at the end of the > validateTransientItems method: > > <snippet> > // walk through list of removed transient items > and check REMOVE permission > while (removedIter.hasNext()) { > ItemState itemState = (ItemState) > removedIter.next(); > ItemId id = itemState.getId(); > // check REMOVE permission > if (!accessMgr.isGranted(id, > AccessManager.REMOVE)) { > String msg = itemMgr.safeGetJCRPath(id) > + ": not allowed to remove item"; > log.debug(msg); > throw new AccessDeniedException(msg); > } > } > </snippet> > > cheers > stefan > > > > > ----- Original Message ----- From: "Stefan Guggisberg" > > <[email protected]> > > To: <[email protected]> > > Sent: Wednesday, January 21, 2009 6:04 PM > > Subject: Re: removing a node needs to verify a WRITE or > a REMOVE permission? > > > > >> On Wed, Jan 21, 2009 at 5:14 PM, Alessandro Cosenza > >> <[email protected]> wrote: > >>> > >>> so please does anyone can tell me in which cases > REMOVE >>> permissions are checked in JR 1.4. > >>> When i remove a node a WRITE permission is checked on > parent >>> node instead of a REMOVE one. > >>> why? > >> > >> in jackrabbit (and AFAIK in JCR in general) removing or > adding a node >> does modify > >> the parent node. > >> > >> in jackrabbit 1.4, removing a node does check WRITE on > parent node and >> subsequently > >> REMOVE on target. > >> > >> cheers > >> stefan > >> > >>> > >>> ----- Original Message ----- > >>> Da : "Alessandro Cosenza" > <[email protected]> >>> A : > [email protected] >>> Oggetto : Re: removing a > node needs to verify a WRITE or a >>> REMOVE permission? > >>> Data : Wed, 21 Jan 2009 16:13:01 +0100 > >>> > >>>> i'm using 1.4 > >>>> > >>>> ----- Original Message ----- > >>>> Da : Angela Schreiber <[email protected]> > >>>> A : [email protected] > >>>> Oggetto : Re: removing a node needs to verify a WRITE > or a >>>> REMOVE permission? > >>>> Data : Wed, 21 Jan 2009 16:11:02 +0100 > >>>> > >>>> > hi > >>>> > > >>>> > what version of jackrabbit are you using? > >>>> > > >>>> > with the initial steps for jsr 283 security > features >>>> > the AccessManager permissions have been > deprecated. >>>> > > >>>> > as far as i am aware of > AccessManager.isGranted(ItemId, >>>> > int) is (with the > latest version of jackrabbit) only >>>> > used for READ > access and those are prone to be replaced >>>> > as well. > >>>> > > >>>> > angela > >>>> > > >>>> > > hi, > >>>> > > when i call a Node.remove() method it seems JR > always >>>> > > try to check > >>>> > > a WRITE permission (not a REMOVE one) in my > >>>> > > AccessManagerImpl.isGranted(). > >>>> > > i could think it's right, but in which cases a > REMOVE >>>> > > permission is checked? > >>>> > > thanks in advance. > >>>> > > > >>>> > > > >>>> > > >>> > >> > > > > > > > ---------------------------------------------------------- > ---------------------- > > > > > > > Nessun virus nel messaggio in arrivo. > > Controllato da AVG - http://www.avg.com > > Versione: 8.0.176 / Database dei virus: 270.10.10/1906 - > > Data di rilascio: 21/01/2009 7.07 > > > >
