blob: e24f1433c12620f68a703ecdd99ca27e3df600c6 [file] [log] [blame]
Sling access manager UI sample
---------------------
WHY THIS SAMPLE?
----------------
This demonstrates some sample UI for viewing/updating the access control
lists of JCR nodes.
PRE-REQUISITES
--------------
This sample uses the i18n support provided by the org.apache.sling.i18n bundle,
so that bundle must be installed into your sling instance first.
If using the sling launchpad, you will need to remove the following scripts from your
jackrabbit repository since this sample bundle provides a different implementation of
those scripts.
/apps/sling/servlet/default/ace.html.esp
/apps/sling/servlet/default/acl.html.esp
LAUNCH SLING
------------
The Sling Container can be launched by running the following command in the
launchpad/builder/target directory:
java -jar org.apache.sling.launchpad-<version>-standalone.jar
so if the current version is 7, the command should be:
java -jar org.apache.sling.launchpad-7-standalone.jar
PREPARE SLING
-------------
Install i18n support by installing the org.apache.sling.i18n bundle:
contrib/extensions/i18n $ mvn install -P autoInstallBundle
Remove the default implementation of the ACE and ACL scripts:
Navigate to the sling console:
http://localhost:8080/.explorer.html
Click the 'login' button on the top-right of the screen and log in using
admin/admin
In the tree view, navigate to the /apps/sling/servlet/default/ace.html.esp node.
After clicking on the node, a 'delete this node' button appears. Click this button
to delete the node.
Also delete the /apps/sling/servlet/default/acl.html.esp in the same way.
HOW TO INSTALL
--------------
Build this bundle and install it in Sling:
mvn install -P autoInstallBundle
To verify that the bundle is correctly installed:
http://localhost:8080/libs/sling/accessmanager/page.html.esp
must return the page.html.esp script.
This sample is best tested together with the usermanager-ui demo. Install this as well:
samples/usermanager-ui $ mvn install -P autoInstallBundle
HOW TO TEST
-----------
Login as the admin user.
To test this functionality, install another sample applications, which is used as a
testing ground for the ACLs.
For example, install the slingshot sample:
samples/slingshot $ mvn install -P autoInstallBundle
Create a new user called 'test' using the usermanager at:
http://localhost:8080/system/userManager.html
Using a different browser, confirm that the new 'test' user can access the slingshot
page:
http://localhost:8080/slingshot/albums.html?sling:authRequestLogin=true
We can now restrict access to the slingshot/albums.html resource via the
access manager.
ACLs can be edited by visiting http://localhost:8080/[node_path_here].acl.html
to view the access control list for a JCR node where [node_path_here] is
replaced with the path of the node.
To restrict access to the userManager.html page for the 'test' user, in the original
browser navigate to:
http://localhost:8080/slingshot/albums.acl.html
Make sure that the admin user is still logged in.
Create an entry for the 'test' user denying all privileges.
Restart the different browser/clear all its cookies that logged in the 'test' user
previously. Then visit the following page as 'test' user again:
http://localhost:8080/slingshot/albums.html?sling:authRequestLogin=true
To see that the page is now inaccessible to this user.
Use the links on the page to add/update/remove access control entries to the list
to provision privileges for users or groups.