要限制对用户的节点访问权限(使用principalbased.ACL),尝试使用以下代码段,但转为无效:
Map<String, Value> restrictions = new HashMap<String, Value>();
//Apply privilege to user to have read only access to root folder
restrictions.put("rep:nodePath", valueFactory.createValue(ROOT, PropertyType.PATH));
restrictions.put("rep:glob", valueFactory.createValue(""));
accessControlList.addEntry(userPrincipal, privileges, true , restrictions);
accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
有没有其他方法可以将 rep:glob 属性设置为""?
当我提供对root(&#39; /&#39;)的访问权限时,它应该只访问该权限。相反,用户可以访问root下的所有节点。
答案 0 :(得分:1)
如果在限制主体访问时未提供rep:glob属性,则默认ACL会影响目标节点的整个子树。
因此,可选的rep:glob propety将节省您在每个要限制策略的路径上创建限制的时间,并且在创建此String时接受JCR Values和传递的Value实例当在具有路径“/ foo”的ndoe上应用时,将对节点/子节点限制产生以下影响:
-----------------------------------------------------------------------------------
rep:glob value | Effect |
-----------------------------------------------------------------------------------
null | matches /foo and all its children |
-----------------------------------------------------------------------------------
"" (Empty String)| matches "/foo" only |
* (wildcard) | all descendants |
/*bar | all childrens which path ends with "bar" |
/*/bar | all non-direct descendants of "/foo" named "bar" |
/bar* | all childrens which paths begin with "bar" |
*bar | all siblings and descendants of "/foo" that begin with "bar" |
-----------------------------------------------------------------------------------
如果限制不仅适用于您的目标节点,那么某处应该存在一些错误,您可能需要发布整个代码段以获得进一步的帮助。
答案 1 :(得分:0)
即使这个(http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html)模式也不适用于root。无论如何,我已经使用其他方法来跳过root访问检查,同时获取用户。需要在SecurityManager标记中提供SimpleWorkspaceAccessManager。