hi, i'm not sure what's wrong, but i would try to avoid the *impl classes. instead do:
UserManager um = JackrabbitSession.getUserManager(); Authorizable u = um.getAuthorizable(userid); Principal p = u.getPrincipal(); regards, toby On Sun, Sep 18, 2011 at 10:20 PM, Francisco Carriedo Scher <[email protected]> wrote: > Thank you very much Toby, > > the problem was related with other issue. It results that i needed to use > DefaultLoginModule, DefaultAccessManager and DefaultSecurityManager and the > default repository.xml file created in the standalone declares > SimpleAccessManager, Simple... And it just doesn't work. Now assigning ACLs > works ok for the EveryonePrincipal, but not for any other user. I guess that > i am not correctly creating users like this: > > public boolean createUser(String name, String pass) throws > AuthorizableExistsException, RepositoryException{ > > User u; > PrincipalImpl p = new PrincipalImpl(name); > String usersPath = "/" + name; > > u = um.createUser(name, pass, p, null); > u.setProperty("homeFolder", > session.getValueFactory().createValue(usersPath)); > // "HOME" folder for the brand new user > createUsersFolder(name, session); > > session.save(); > return true; > > } > > After executing this code, i try to log in with the new user and i get a > exception: javax.jcr.LoginException: LoginModule ignored Credentials > > In addition, i can not set ACEs on a folder for any user when creating a > folder: > > private void setAcl(Principal p, String path) throws > UnsupportedRepositoryOperationException, RepositoryException { > > AccessControlManager aMgr = session.getAccessControlManager(); > > // create a privilege set with jcr:all > Privilege [] privileges = new Privilege[3]; > privileges[0] = aMgr.privilegeFromName(Privilege.JCR_READ); > privileges[1] = > aMgr.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES); > privileges[2] = > aMgr.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES); > AccessControlList acl; > try { > // get first applicable policy (for nodes w/o a policy) > acl = (AccessControlList) > aMgr.getApplicablePolicies(path).nextAccessControlPolicy(); > } catch (NoSuchElementException e) { > // else node already has a policy, get that one > acl = (AccessControlList) aMgr.getPolicies(path)[0]; > } > // remove all existing entries > for (AccessControlEntry e : acl.getAccessControlEntries()) { > acl.removeAccessControlEntry(e); > } > // add a new one for the special "everyone" principal > _acl.addAccessControlEntry(p, privileges); // THIS LINE CAUSES THE > EXCEP._ > > // the policy must be re-set > aMgr.setPolicy(path, acl); > > // and the session must be saved for the changes to be applied > session.save(); > > } > > On the code above i get the Principal p instance like this: > > um.getPrincipal(new SimpleCredentials(username, username.toCharArray())) > > where username is the username and password of the user i want to assign the > ACL to and the usermanager is instantiated with admin:admin credentials like > this: > > UserManagerImpl um = new UserManagerImpl((SessionImpl) session, "admin"); > > Summing up, i see it like this: > > - i start an admin session and get a user manager instance as admin. > - i create users correctly > - i create folders correctly and try to set ACLs to the users i create but > it doesn't work (because it throws a > javax.jcr.security.AccessControlException: Principal sol3 does not exist. > exception). > > Is there something i am missing? Thanks in advance for your attention! > > > > 2011/9/17 Tobias Bocanegra <[email protected]> >> >> hi francisco, >> >> if you are using normal resource based ACLs you can manage them with >> the provided interfaces. >> >> example to grant all rights to everyone: >> >> AccessControlManager aMgr = session.getAccessControlManager(); >> Privilege[] privileges = new >> Privilege[]{aMgr.privilegeFromName(Privilege.JCR_ALL)}; >> >> // find the ACL policy >> JackrabbitAccessControlList acl; >> try { >> acl = (JackrabbitAccessControlList) >> aMgr.getApplicablePolicies(path).nextAccessControlPolicy(); >> } catch (NoSuchElementException e) { >> acl = (JackrabbitAccessControlList) aMgr.getPolicies(path)[0]; >> } >> >> // remove all existing ACEs >> for (AccessControlEntry e : acl.getAccessControlEntries()) { >> acl.removeAccessControlEntry(e); >> } >> acl.addEntry(EveryonePrincipal.getInstance(), privileges, true); >> aMgr.setPolicy(path, acl); >> session.save(); >> >> (the above code is a bit a hack, as it catches the >> NoSuchElementException from the iterator.next - but i hadn't a nicer >> example ready) >> the point here is, that 'getApplicablePolicies' will return an empty >> iterator if there is already a policy defined on that path. usually >> (in the default implementation) there is only 1 policy, the >> JackrabbitAccessControlList. And either it's applicable, or already >> defined. the rock solid approach would be do iterate over applicable >> or getPolicies until you find a 'JackrabbitAccessControlList'. >> >> hope this helps. >> regards, toby >> >> On Tue, Sep 13, 2011 at 12:04 AM, Francisco Carriedo Scher >> <[email protected]> wrote: >> > Ok, guessing that i need to extend AbstractAccessManager with my own >> > class >> > and override setPolicyMethod, which is exactly the best way to bind a >> > Policy >> > object to a Node object? Is it up to the designer? >> > >> > Thanks for your attention, greetings! >> > >
