I'm trying to only allow a group full access to a node. Anon and everyone
else can read it. My code is shown below.

Node websites = testRootNode.addNode("websites");
Node mccSite = websites.addNode("mcc");
Node mccHome = mccSite.addNode("home");
Node crbSite = websites.addNode("crb");
superuser.save();

Principal mccPrincipal = new PrincipalImpl("mccGroup");
Principal crbPrincipal = new PrincipalImpl("crbGroup");

PrincipalManager pm = ((JackrabbitSession) superuser).getPrincipalManager();
UserManager um = ((JackrabbitSession) superuser).getUserManager();

Group mccGroup = um.createGroup(mccPrincipal);
User mccUser = um.createUser("mcc_user", "1234");
mccGroup.addMember(mccUser);

Group crbGroup = um.createGroup(crbPrincipal);
User crbUser = um.createUser("crb_user", "1234");
crbGroup.addMember(crbUser);

AccessControlManager adminAcm = getAccessControlManager(superuser);
AccessControlPolicyIterator it = adminAcm.getApplicablePolicies(mccSite.getPath());
while (it.hasNext()) {
    AccessControlPolicy acp = it.nextAccessControlPolicy();
    Privilege[] readWritePrivileges = new Privilege[]{adminAcm.privilegeFromName(Privilege.JCR_ALL)};
    Privilege[] readOnlyPrivileges = new Privilege[]{adminAcm.privilegeFromName(Privilege.JCR_READ)};
    ((AccessControlList) acp).addAccessControlEntry(
            pm.getPrincipal(SecurityConstants.ANONYMOUS_ID), readOnlyPrivileges);
    ((AccessControlList) acp).addAccessControlEntry(pm.getEveryone(), readOnlyPrivileges);
    ((AccessControlList) acp).addAccessControlEntry(pm.getPrincipal("mccGroup"), readWritePrivileges);
    adminAcm.setPolicy(mccSite.getPath(), acp);
}
superuser.save();

Session mccSession = repository.login(mccUser.getCredentials());
mccSession.getNode(mccHome.getPath()).addNode("test");
mccSession.save();

Session crbSession = repository.login(crbUser.getCredentials());
crbSession.getNode(mccHome.getPath()).addNode("test1");
crbSession.save();

I get the following exception thrown when I try to save the mccSession after
adding the test node.

javax.jcr.AccessDeniedException: /test_1270067658863/websites/mcc/home/test: not allowed to add or modify item

Now I have added the mccUser to the mccGroup and thought that would be
enough to make it work.
Has anyone got any ideas?
Regards
Ben Short
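
The following helper is an added example, not part of the original post or of Jackrabbit: from the admin session it lists the user's group memberships and the access control entries in effect at a path, and it asks the user's own session whether it may add a child node there. The class name `AclDiagnostics` and its method names are hypothetical; it assumes a Jackrabbit 2.x repository with the JCR 2.0 security API.

```java
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.*;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;

// Hypothetical helper (not Jackrabbit code) for narrowing down an AccessDeniedException.
public final class AclDiagnostics {

    // Admin view: which groups the user belongs to and which ACEs apply at path.
    public static void dumpAsAdmin(Session admin, String userId, String path)
            throws RepositoryException {
        Authorizable user = ((JackrabbitSession) admin).getUserManager().getAuthorizable(userId);
        if (user == null) {
            System.out.println("no such authorizable: " + userId);
            return;
        }
        for (Iterator<?> groups = user.memberOf(); groups.hasNext();) {
            Group g = (Group) groups.next();
            System.out.println(userId + " is a member of " + g.getPrincipal().getName());
        }
        AccessControlManager acm = admin.getAccessControlManager();
        for (AccessControlPolicy policy : acm.getEffectivePolicies(path)) {
            if (!(policy instanceof AccessControlList)) {
                continue;
            }
            for (AccessControlEntry ace : ((AccessControlList) policy).getAccessControlEntries()) {
                StringBuilder names = new StringBuilder();
                for (Privilege p : ace.getPrivileges()) {
                    names.append(p.getName()).append(' ');
                }
                System.out.println(ace.getPrincipal().getName() + " -> " + names);
            }
        }
    }

    // User view: true only if the session holds jcr:addChildNodes on the parent
    // and the repository would permit add_node at the new child's path.
    public static boolean canAddChild(Session user, String parentPath, String childName)
            throws RepositoryException {
        AccessControlManager acm = user.getAccessControlManager();
        Privilege[] needed = {acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES)};
        boolean byPrivilege = acm.hasPrivileges(parentPath, needed);
        boolean byPermission =
                user.hasPermission(parentPath + "/" + childName, Session.ACTION_ADD_NODE);
        System.out.println(user.getUserID() + " @ " + parentPath
                + ": jcr:addChildNodes=" + byPrivilege + ", add_node=" + byPermission);
        return byPrivilege && byPermission;
    }
}
```

Calling `dumpAsAdmin(superuser, "mcc_user", mccHome.getPath())` and `canAddChild(mccSession, mccHome.getPath(), "test")` before `mccSession.save()` shows whether the group entry is in effect at the `home` node and whether the logged-in session actually resolves to the group's privileges.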