无法冒充 - 杰克拉比特

时间:2014-09-14 07:12:32

标签: java jackrabbit jcr

我有自定义类型节点et:document,需要在jackrabbit存储库中的某些用户之间共享。

但是当我尝试以超级用户模仿并为每个用户分配一个已定义的属性sharedWithMe时,获取failed login exception

以应用程序用户身份登录,

SimpleCredentials credentials = new SimpleCredentials(userName, password.toCharArray());
Session session = repository.login(credentials, "default");

尝试共享文档(添加到用户节点的属性)

SimpleCredentials credentials = new SimpleCredentials("superuser", "superuser".toCharArray());
Session adminUser = session.impersonate(credentials);
UserManager userManager = ((JackrabbitSession) adminUser).getUserManager();

for(String userID : users) {
    User user = (User) userManager.getAuthorizable(userID);
    Value value = vf.createValue(docPath);
    Value[] sharedDocsPath =  user.getProperty("sharedWithMe");
    int shareDocIndex = 0;
    Value[] revisedSharedDocPath = null;

    if (null != sharedDocsPath && sharedDocsPath.length > 0) {
        revisedSharedDocPath = new Value[sharedDocsPath.length + 1];

        for (Value v : sharedDocsPath) {
            revisedSharedDocPath[shareDocIndex] = v;
            shareDocIndex++;
        }
        revisedSharedDocPath[shareDocIndex] = value;
    } else {
        revisedSharedDocPath = new Value[1];
        revisedSharedDocPath[shareDocIndex] = value;
    }

    user.setProperty("sharedWithMe", revisedSharedDocPath);
}

获得例外:

Caused by: javax.security.auth.login.FailedLoginException: attempt to impersonate denied for superuser
    at org.apache.jackrabbit.core.security.authentication.DefaultLoginModule.impersonate(DefaultLoginModule.java:306)
    at org.apache.jackrabbit.core.security.authentication.AbstractLoginModule.login(AbstractLoginModule.java:330)
    at org.apache.jackrabbit.core.security.authentication.LocalAuthContext.login(LocalAuthContext.java:86)

repository.xml中的安全标记信息

<Security appName="EnterpriseManager">
    <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager">
        <WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
    </SecurityManager>
    <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"/>
    <LoginModule class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">         
        <param name="adminId" value="superuser"/>
    </LoginModule>
</Security>

<Workspace name="${wsp.name}">
    <WorkspaceSecurity>               
        <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.principalbased.ACLProvider">
            <param name="omit-default-permission" value="true" />
        </AccessControlProvider>
    </WorkspaceSecurity>
</Workspace>

使用JCR 2.0,Jackrabbit 2.6

1 个答案:

答案 0 :(得分:1)

首先需要向校长授予模仿然后冒充。(虽然有点奇怪)

boolean isGranted = impersonation.grantImpersonation(repoUser.getPrincipal());
System.out.println("Granted impersonation for user? " + isGranted);

SimpleCredentials adminCredentials = new SimpleCredentials(suUser, suPassword.toCharArray());
session = (JackrabbitSession) session.impersonate(adminCredentials);
相关问题
最新问题