tree: c614861c44a6c03a13e5cacd3bd1a64f5cd51ac0 [path history] [tgz]
  1. README.md
  2. pom.xml
  3. src/
accessmanager-ui/README.md

Sling access manager UI sample

WHY THIS SAMPLE?

This demonstrates some sample UI for viewing/updating the access control lists of JCR nodes.

PRE-REQUISITES

This sample uses the i18n support provided by the org.apache.sling.i18n bundle, so that bundle must be installed into your sling instance first.

If using the sling launchpad, you will need to remove the following scripts from your jackrabbit repository since this sample bundle provides a different implementation of those scripts. /apps/sling/servlet/default/ace.html.esp /apps/sling/servlet/default/acl.html.esp

LAUNCH SLING

The Sling Container can be launched by running the following command in the launchpad/builder/target directory: java -jar org.apache.sling.launchpad--standalone.jar so if the current version is 7, the command should be: java -jar org.apache.sling.launchpad-7-standalone.jar

PREPARE SLING

Install i18n support by installing the org.apache.sling.i18n bundle: contrib/extensions/i18n $ mvn install -P autoInstallBundle

Remove the default implementation of the ACE and ACL scripts: Navigate to the sling console: http://localhost:8080/.explorer.html

Click the ‘login’ button on the top-right of the screen and log in using admin/admin

In the tree view, navigate to the /apps/sling/servlet/default/ace.html.esp node. After clicking on the node, a ‘delete this node’ button appears. Click this button to delete the node. Also delete the /apps/sling/servlet/default/acl.html.esp in the same way.

HOW TO INSTALL

Build this bundle and install it in Sling:

mvn install -P autoInstallBundle

To verify that the bundle is correctly installed: http://localhost:8080/libs/sling/accessmanager/page.html.esp must return the page.html.esp script.

This sample is best tested together with the usermanager-ui demo. Install this as well: samples/usermanager-ui $ mvn install -P autoInstallBundle

HOW TO TEST

Login as the admin user.

To test this functionality, install another sample applications, which is used as a testing ground for the ACLs. For example, install the slingshot sample: samples/slingshot $ mvn install -P autoInstallBundle

Create a new user called ‘test’ using the usermanager at: http://localhost:8080/system/userManager.html

Using a different browser, confirm that the new ‘test’ user can access the slingshot page: http://localhost:8080/slingshot/albums.html?sling:authRequestLogin=true

We can now restrict access to the slingshot/albums.html resource via the access manager.

ACLs can be edited by visiting http://localhost:8080/[node_path_here].acl.html to view the access control list for a JCR node where [node_path_here] is replaced with the path of the node.

To restrict access to the userManager.html page for the ‘test’ user, in the original browser navigate to: http://localhost:8080/slingshot/albums.acl.html Make sure that the admin user is still logged in.

Create an entry for the ‘test’ user denying all privileges.

Restart the different browser/clear all its cookies that logged in the ‘test’ user previously. Then visit the following page as ‘test’ user again: http://localhost:8080/slingshot/albums.html?sling:authRequestLogin=true

To see that the page is now inaccessible to this user.

Use the links on the page to add/update/remove access control entries to the list to provision privileges for users or groups.