Dear Jackrabbit team I have been working on developing a Jackrabbit pass system.
Now I am trying to enable the security module. My requirement is: 1. will have to create users and provide them access to different nodes on the Jackrabbit server. For example there are 2 tenants that I need to onboard, So under the root folder I may have tenant1, and tenant2 folder. 2. we need to create 2 users: t1user and t2user. 3. t1user should access only the tree that starts under tenant1, and t2user for tenant2. 4. And the login mechanism should be token based. Now I have been exploring AccessControl, https://wiki.apache.org/jackrabbit/AccessControl and few other links to create users with proper priviledges. But it does not seem to work. How do I create users with proper privileges ? How do I enable token based authentication on Jackrabbit 2.18 I did not find proper documentation to follow along. Need your kind help in solving this issue. I am attaching some code snippet from repository.xml and user creation java client. -- *Regards* *Tuhin*
<Security appName="Jackrabbit"> <!-- SecurityManager class="org.apache.jackrabbit.core.UserPerWorkspaceSecurityManager" workspaceName="security" --> <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"> <!-- optional user manager configuration --> <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager"> <param name="usersPath" value="/home/users"/> <param name="groupsPath" value="/home/groups"/> <param name="defaultDepth" value="1"/> <param name="autoExpandTree" value="true"/> <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction"> <param name="groupPrivilegeNames" value="jcr:read"/> <param name="userPrivilegeNames" value="jcr:all"/> </AuthorizableAction> </UserManager> <!-- optional workspace access manager configuration --> </SecurityManager> <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"> </AccessManager> <LoginModule class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule"> <param name="adminId" value="user1" /> </LoginModule> </Security> ================= User creation code which is not working============================= I always get following exception: Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0 at securitynstuff.CreateUser.createUsers(CreateUser.java:69) at securitynstuff.CreateUser.main(CreateUser.java:28) Because when I create a new user, the policies are empty at line : JackrabbitAccessControlPolicy[] ps = acMgr.getApplicablePolicies(principal); // or getApplicablePolicies() System.out.println("JackrabbitAccessControlPolicy = " + ps.length); JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0]; ======Code here======= package securitynstuff; import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager; import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.core.RepositoryImpl; import org.apache.jackrabbit.core.SessionImpl; import org.apache.jackrabbit.core.config.RepositoryConfig; import javax.jcr.*; import javax.jcr.security.AccessControlManager; import javax.jcr.security.AccessControlPolicyIterator; import javax.jcr.security.Privilege; import java.io.File; import java.io.IOException; import java.security.Principal; import java.util.HashMap; import java.util.Map; public abstract class CreateUser { public static void main(String[] args) { // createUsers("workspace1", "james"); createUsers("tyler3"); } private static void createUsers(String userName) { Session session = null; try { // Repository repository = JcrUtils.getRepository("http://localhost:8080/server"); // Repository repository = new TransientRepository(); RepositoryConfig config = null; try { config = RepositoryConfig.install(new File("/Users/tuhinsubhramandal/jack-repo/")); } catch (IOException e) { e.printStackTrace(); } Repository repository = RepositoryImpl.create(config); session = repository.login(new SimpleCredentials("user1", "user1".toCharArray()), "jcrlocal"); Node rootNode = session.getRootNode(); Node grantedNode = rootNode.addNode("granted"); rootNode.save(); System.out.println("Granted node: " + grantedNode.getPath()); UserManager userManager = ((SessionImpl) session).getUserManager(); User user = userManager.createUser(userName, userName); AccessControlManager acm = ((SessionImpl) session).getAccessControlManager(); AccessControlPolicyIterator acpi = acm.getApplicablePolicies(grantedNode.getPath()); session.save(); /////////////////////////////////////////// Principal principal = user.getPrincipal(); // get the Jackrabbit access control manager JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) session.getAccessControlManager(); JackrabbitAccessControlPolicy[] ps = acMgr.getApplicablePolicies(principal); // or getApplicablePolicies() System.out.println("JackrabbitAccessControlPolicy = " + ps.length); JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0]; // list entries JackrabbitAccessControlEntry[] entries = (JackrabbitAccessControlEntry[]) list.getAccessControlEntries(); JackrabbitAccessControlEntry entry = entries[0]; // remove entry list.removeAccessControlEntry(entry); // add entry Privilege[] privileges = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)}; Map<String, Value> restrictions = new HashMap<String, Value>(); ValueFactory vf = session.getValueFactory(); restrictions.put("rep:nodePath", vf.createValue("/bookstore/catalog/", PropertyType.PATH)); restrictions.put("rep:glob", vf.createValue("*")); list.addEntry(principal, privileges, true /* allow or deny */, restrictions); System.out.println("User is created & all the new privileges are set= " + user); // Apply the policy session.save(); } catch (LoginException e) { e.printStackTrace(); } catch (RepositoryException e) { e.printStackTrace(); } finally { if (session != null) session.logout(); } } }