(This question was cross-posted to StackOverflow.com <http://stackoverflow.com/questions/8174226/trouble-enforcing-read-write-acl-to-jackrabbit-users-on-versionable-nodes>. However, I have not received any answer.)

We are using Jackrabbit 2.2.7 to develop a repository for xml documents.

We want to create a bunch of users for the repository and enforce some sort of read-only and read-write access privileges on them. We have used the resource-based ACL as described here: <http://wiki.apache.org/jackrabbit/AccessControl#Resource-based_ACLs>. Read-only permission works like a charm. However, we are having a hard time getting read-write to work when a user attempts to create/delete a node that is versionable (mix:versionable), even though we grant him the highest possible privilege, Privilege.JCR_ALL.

So far we have realized that the modification to a versioned node actually is not simple. In Jackrabbit, it spans across multiple nodes - /jcr:system/jcr:versionStorage is one of them. It seems that unless the user is the admin user himself, he cannot make modifications to /jcr:system/ and its child nodes.

So my questions are:

a) is there a way I can enable normal users to modify versionable nodes?
b) is there a way to create multiple admin users in jackrabbit (pointers, wiki, code snippet)?

Here is the security section from the repository.xml:

    <Security appName="Jackrabbit">
        <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager" workspaceName="security">
        </SecurityManager>
        <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager">
        </AccessManager>
        <LoginModule class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
        </LoginModule>
    </Security>

Here is how we are creating users and enabling access control:

    {
        ...
        JackrabbitSession js = (JackrabbitSession) session;
        UserManager um = js.getUserManager();

        // Look up the shared group, creating it on first use
        Authorizable grp = um.getAuthorizable("usergroup");
        Group userGroup = null;
        if (grp == null) {
            userGroup = um.createGroup("usergroup");
        } else {
            userGroup = (Group) grp;
        }

        User user = um.createUser(newUserName, newUserPass);
        userGroup.addMember(user);

        // The ACL is attached to /root only
        Node node = session.getNode("/root");
        AccessControlManager acm = session.getAccessControlManager();
        AccessControlList acl = getList(acm, node.getPath());

        Privilege[] privileges = null;
        if (privilege.equals("r")) {
            // read-only
            privileges = new Privilege[] {
                acm.privilegeFromName(Privilege.JCR_READ),
                acm.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)
            };
        } else if (privilege.equals("rw")) {
            // read-write
            privileges = new Privilege[] {
                acm.privilegeFromName(Privilege.JCR_ALL)
            };
        } else {
            return;
        }

        acl.addAccessControlEntry(new PrincipalImpl(user.getID()), privileges);
        acm.setPolicy(node.getPath(), acl);
        session.save();
    }

--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Trouble-enforcing-read-write-ACL-to-Jackrabbit-users-on-versionable-nodes-tp4096902p4096902.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
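
A diagnostic for the situation described in the message above, as an added example that is not part of the original post: it logs in as the restricted user and prints which privileges that session effectively holds on /root and on /jcr:system/jcr:versionStorage, the two paths the post names. The class name, the user ID "rwuser", its password, and the use of TransientRepository with a repository.xml in the working directory are assumptions.

```java
import javax.jcr.PathNotFoundException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;

import org.apache.jackrabbit.core.TransientRepository;

public class EffectivePrivilegeCheck {

    // Paths from the post: the ACL target and the shared version storage.
    static final String[] PATHS = { "/root", "/jcr:system/jcr:versionStorage" };

    // Privileges involved in creating/removing mix:versionable nodes.
    static final String[] NEEDED = {
        Privilege.JCR_READ, Privilege.JCR_ADD_CHILD_NODES,
        Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_VERSION_MANAGEMENT
    };

    // Prints one line per (path, privilege) as seen by the given session.
    static void report(Session s) throws RepositoryException {
        AccessControlManager acm = s.getAccessControlManager();
        for (String path : PATHS) {
            try {
                for (String name : NEEDED) {
                    Privilege[] p = { acm.privilegeFromName(name) };
                    String result = acm.hasPrivileges(path, p) ? "granted" : "DENIED";
                    System.out.println(path + "  " + name + "  " + result);
                }
            } catch (PathNotFoundException e) {
                // Thrown when the node is missing or not readable by this session.
                System.out.println(path + "  not visible to " + s.getUserID());
            }
        }
    }

    public static void main(String[] args) throws RepositoryException {
        // Assumption: repository.xml and the repository home are in the working directory.
        Repository repo = new TransientRepository();
        // Placeholder credentials for the non-admin user under test.
        Session s = repo.login(new SimpleCredentials("rwuser", "changeit".toCharArray()));
        try {
            report(s);
        } finally {
            s.logout();
        }
    }
}
```

Running it once as the restricted user and once as admin shows whether the entry set on /root has any effect outside that subtree.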
