我需要通过编程方式在AEM中给予组权限而不是ALL我只需要给予权限[复制]和[编辑]和[创建]
privileges = new Privilege[] {accCtrlMgr.privilegeFromName(Privilege.JCR_ALL)};
而不是[Privilege.JCR_ALL]我只想要[复制]和[编辑]和[创建]
答案 0 :(得分:1)
我希望这段代码有用。
public static void setCreateEditReplicateAcl(final String aGroupPrincipal, String aPath, final UserManagementService aUserManagementService, final Session aSession) {
try {
UserManager userManager = aUserManagementService.getUserManager(aSession);
AccessControlManager accessControlManager = aSession.getAccessControlManager();
Authorizable group = userManager.getAuthorizable(aGroupPrincipal);
Privilege[] privileges = {
accessControlManager.privilegeFromName(Privilege.JCR_VERSION_MANAGEMENT),
accessControlManager.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES),
accessControlManager.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES),
accessControlManager.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT),
accessControlManager.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT),
accessControlManager.privilegeFromName(Replicator.REPLICATE_PRIVILEGE)
};
AccessControlList aclList;
try {
aclList = (AccessControlList) accessControlManager.getApplicablePolicies(aPath).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
aclList = (AccessControlList) accessControlManager.getPolicies(aPath)[0];
}
aclList.addAccessControlEntry(group.getPrincipal(), privileges);
accessControlManager.setPolicy(aPath, aclList);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
答案 1 :(得分:0)
如果使用ui设置acl,则会创建以下权限:
jcr:versionManagement,jcr:modifyProperties,jcr:addChildNodes,crx:replicate,jcr:lockManagement,jcr:nodeTypeManagement
我认为这是您需要的权限。
答案 2 :(得分:0)
JCR API包javax.jcr.security涵盖授权部分,即。允许某个用户使用存储库,但不允许使用由Jackrabbit提供的UserManagement作为特定于实现的功能。
以下是将基于资源的ACL提供给特定节点/路径的代码示例:
public static void setAclPrivileges(String path, Session session) {
try {
AccessControlManager aMgr = session.getAccessControlManager();
// create privilege set
Privilege[] privileges = new Privilege[] {
aMgr.privilegeFromName(Privilege.JCR_VERSION_MANAGEMENT),
aMgr.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES),
aMgr.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES),
aMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT),
aMgr.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT),
aMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE) };
AccessControlList acl;
try {
// get first applicable policy (for nodes w/o a policy)
acl = (AccessControlList) aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
// else node already has a policy, get that one
acl = (AccessControlList) aMgr.getPolicies(path)[0];
}
// remove all existing entries
for (AccessControlEntry e : acl.getAccessControlEntries()) {
acl.removeAccessControlEntry(e);
}
// add a new one for the special "everyone" principal
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);
// the policy must be re-set
aMgr.setPolicy(path, acl);
// and the session must be saved for the changes to be applied
session.save();
} catch (Exception e) {
log.info("---> Not able to perform ACL Privileges..");
log.info("---> Exception.." + e.getMessage());
}
}