hello,
I tried the following configuration in the corresponding workspace.xml:
<WorkspaceSecurity>
<AccessControlProvider
class="org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider">
<param name="omit-default-permission" value="true"/>
</AccessControlProvider>
</WorkspaceSecurity>
but it is still possible for every user to read the information from the
workspace.
in the workspace the following access-control for 'everyone' exists with the
above configuration:
/rep:accesscontrol/everyone
/rep:accesscontrol/everyone/jcr:primaryType = rep:PrincipalAccessControl
/rep:accesscontrol/everyone/rep:policy
/rep:accesscontrol/everyone/rep:policy/jcr:primaryType = rep:ACL
/rep:accesscontrol/everyone/rep:policy/entry
/rep:accesscontrol/everyone/rep:policy/entry/rep:privileges = jcr:read
/rep:accesscontrol/everyone/rep:policy/entry/rep:nodePath = /
/rep:accesscontrol/everyone/rep:policy/entry/rep:principalName = everyone
/rep:accesscontrol/everyone/rep:policy/entry/jcr:primaryType = rep:GrantACE
perhabs principalbased.ACLProvider does not support the '
omit-default-permission' parameter?
best regards
ferry
-----Ursprüngliche Nachricht-----
Von: Angela Schreiber [mailto:anch...@adobe.com]
Gesendet: Mittwoch, 09. Mai 2012 10:15
An: users@jackrabbit.apache.org
Betreff: Re: AW: remove read-access for everyone from a principal ACL based
workspace
hi
> I wonder how I could turn off read-access of for everyone by configurion of
> theworkspace's AccessControlProvider.
> Neither could I find any hint in the repository-2.0-elements.dtd nor could I
> find any information in the javadoc AccessControlProvider.
>
> Do you have some more infromation about configruation?
you have to adjust the configuration of your workspace:
<?xml version="1.0" encoding="UTF-8"?>
<Workspace name="...">
[...]
<WorkspaceSecurity>
<AccessControlProvider class="...">
<!-- implementation specific parameters. such as e.g. -->
<param name="omit-default-permission" value="true"/>
</AccessControlProvider>
</WorkspaceSecurity>
</Workspace>
if you want to change the configuration for all workspace you
are going to create, you may in addition change the workspace
configuration template in the repository.xml
hope that helps
angela
> best regards
> ferry malzer
>
> -----Ursprüngliche Nachricht-----
> Von: Angela Schreiber [mailto:anch...@adobe.com]
> Gesendet: Dienstag, 08. Mai 2012 08:37
> An: users@jackrabbit.apache.org
> Betreff: Re: remove read-access for everyone from a principal ACL based
> workspace
>
> hi
>
> first you can turn that read access for everyone off in the access
> control provider configuration of your workspace.
>
> second you can't remove protected nodes such as e.g. the access
> control content. in order to remove that access control list you
> have to remove the policy through the API.
> -> JackrabbitAccessControlManager#removePolicy
>
> kind regards
> angela
>
> On 5/7/12 9:11 AM, Malzer Ferdinand OSP sIT wrote:
>> Hello,
>> We use a principal ACL based workspace, but we won't that every user has
>> read access to the workspace.
>> So we tried to remove node "/rep:accesscontrol/everyone" from the workspace.
>> Unfortunately we get the following exception:
>>
>> javax.jcr.nodetype.ConstraintViolationException: Unable to perform
>> operation. Node is protected.
>> at
>> org.apache.jackrabbit.core.ItemValidator.checkCondition(ItemValidator.java:276)
>>
>> Does somebody know how to configure a principal ACL based workspace to avoid
>> read-access for everyone?
>>
>> Thx in advance!
>> ferry malzer
>>
