hi guillaume
I am currently looking at leveraging the features of the JackRabbit
UserManager to be able to manage users, groups and give users
administrator privileges for my application.
First of all, is there an easy way to be able to list all users and
all groups that have been created on the system?
yes.
if i remember correctly you can use a 'null' simple filter for a
common property such as rep:principalName to obtain a result
containing all authorizables for the specified search-type.
but as a general rule i would rather suggest to use a specific
query... if you have a huge amount of users and/or groups listing
all of them is probably not very useful.
All the findAuthorizable methods on the UserManager are search
oriented, so all I can think of is writing a wildcard search query for
groups or users whose name is like *. Am I on the right track?
yes. see above.
Also, it seems the Jackrabbit does not pre-create the administrators
group by default.
that's correct. we initially had that and decided to get rid for
various reasons specifically as jackrabbit itself didn't had
any need for it and we decided that it was rather the responsibility
of an application on top of jackrabbit to define such a group.
in addition there is usually the need for various different
groups with some sort of administrative roles depending on the
type and complexity of the application... in order words: limit
the set of authorizables to built-in and avoid creating example
user/group(s).
Please see the following test snippet written in
Scala with ScalaTest. The test fails when trying to get the
authorizable corresponding to the ADMINSTRATORS_NAME group.
yep. that's a leftover. the constant should have been marked
deprecated.
I guess I can just create that group and add a user to it, but is that
sufficient then to give that user all administrators privileges (i.e.
the right to create other users and groups, etc...). If not, what else
would I need to do?
if you need an 'administrators' group, the best solution was
to create it using UserManager#createGroup, then make sure
the corresponding principal is granted sufficient permissions
(according to your needs) and then add the required users to the
administrators group.
"The super user (i.e admin) should be able to create a user and
her to the administrators group" in {
inSession(repository,superuser,password){session =>
val um = session.getUserManager
um.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME) match{
case null => fail("The authorizable for the administrators
group does not exist.")
case g : Group =>
val newadmin = "newadmin"
g.addMember(um.createUser(newadmin,newadmin))
if you want to have a group, that can have members, you have to
call UserManager.createGroup
case _ => fail("The administrators authorizable is not a group")
}
}
}
regards
angela
