You can control access to resources in the repository by
setting user permissions on resources.
An access control list (ACL) can be created for a given resource
by specifying the permissions and the users for that resource. System
level permissions are available, and a user granted such permissions
will have rights to everything in the repository. If a given user
has system level permissions, access will be granted to the specified
resource. If the user does not have system level permissions, the ACL
will be inspected in order to determine whether to grant access
to that user.
You can programmatically control access to resources by using
the Repository service Java API or web service API.

Summary of steps

To control access to resources, follow these steps:

- Include project files.
- Create a Repository service client.
- Specify the URI of the resource to be used in the ACL.
- Retrieve the ACL for the resource.
- Retrieve the list of users having access to the resource.
- Create the new access control list.
- Specify the users to be included in the new ACL.
- Specify the permissions to be included in the new ACL.
- Write the new ACL for the resource.

Include project files

Include the necessary files in your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, include the proxy files.

Create the service client

Before you can programmatically read a resource, you must establish a connection and provide credentials. This is accomplished by creating a service client.

Specify the URI of the resource to be used in the ACL

Specify the string containing the resource’s URI. A resource URI is always required when reading or writing access control lists.

Retrieve the ACL for the resource

Invoke the Repository service method to read the access control list for the resource, specifying the resource URI.

Retrieve the list of users having access to the resource

Invoke the access control list method to retrieve the users who have access to the resource.

Create the new ACL

Invoke the ACL constructor to create a new list.

Specify the users to be included in the new ACL

Store the UUIDs for the users to be used in the new ACL.

Specify the permissions to be included in the new ACL

Create a list containing the permission strings for the resource and add that list to the ACLs.

Configuring access control lists using the Java API

To programmatically configure access control lists using the Repository service Java API, perform the following tasks:

- Include project files

  Include client JAR files in your Java project’s class path. For information about the location of these files, see Including LiveCycle Java library files.

- Create the service client

  Create a ResourceRepositoryClient object by using its constructor and passing a ServiceClientFactory object that contains connection properties.

- Specify the URI of the resource to be used in the ACL

  Specify the URI of the resource. In this case, because the resource is the folder testFolder, its URI is /testFolder. The URI is stored as a java.lang.String object.

- Retrieve the ACL for the resource

  Invoke the ResourceRepositoryClient object’s readAccessControlList method and pass the URI of the resource as a parameter. The method returns a com.adobe.repository.infomodel.bean.AccessControlList object.

- Retrieve the list of users having access to the resource

  Invoke the AccessControlList object’s getUsersWithPermissions method, which returns a java.util.List containing strings that represent the user identifiers. In this example, the list of users is printed to the screen.

- Create the new ACL

  Invoke the default constructor for the AccessControlList class to create a new AccessControlList object to be used.

- Specify the users to be included in the new ACL

  Determine which user identifiers are to be used in the access control list. In this example, the first user in the list previously retrieved will be used.

- Specify the permissions to be included in the new ACL

  Create a java.util.ArrayList that will be used to store the list of permissions and add the preferred permissions to the list, which are available as static constants in the AccessControlEntry class. In this example, traversal and read permissions are specified for a folder; therefore, the values AccessControlEntry.READ_METADATA_USER_PERM and AccessControlEntry.READ_CONTENT_USER_PERM are added to the list.

  Invoke the newly created AccessControlList object’s setPermissionsForUser method and specify the following parameters:

  For more information, see the LiveCycle API Reference.

- Write the new ACL for the resource

  Invoke the ResourceRepositoryClient object’s writeAccessControlList method and pass in the following parameters:

  For more information, see the LiveCycle API Reference and Repository Service API Quick Starts.

Configuring access control lists using the web service API

To programmatically configure access control lists using the Repository service web service API, perform the following tasks:

- Include project files

- Create the service client

  Using the Microsoft .NET client assembly, create a RepositoryServiceService object by invoking its default constructor. Set its Credentials property using a System.Net.NetworkCredential object containing the user name and password.

- Specify the URI of the resource to be used in the ACL

  Specify a string containing the URI of the resource. In this case, because the resource is the folder testFolder, its URI is "/testFolder". When using a language compliant with the Microsoft .NET Framework (for example, C#), store the URI in a System.String object.

- Retrieve the ACL for the resource

  Invoke the RepositoryServiceService object’s readAccessControlList method and pass the URI of the resource as a parameter. The method returns an AccessControlList object. Pass null for the second parameter.

- Retrieve the list of users having access to the resource

  Retrieve the AccessControlList object’s usersWithPermissions field, which is an object array containing strings representing the user identifiers. In this example, the list of users is printed to the screen.

- Create the new ACL

  Invoke the default constructor for the AccessControlList class to create a new AccessControlList object to be used.

- Specify the users to be included in the new ACL

  Determine which user identifiers are to be used in the access control list. In this example, the first user in the list previously retrieved will be used.

- Specify the permissions to be included in the new ACL

  Create an object array that will be used to store the list of permissions, and add the preferred permissions to the array, which must be specified as strings. In this example, traversal and read permissions are specified for a folder; therefore, the values "Traverse" and "Read" are added to the list.

  Invoke the default constructor for the AccessControlEntry class to create a new object needed for storing the permissions, and assign the permissions object to the AccessControlEntry object’s permissions field.

  Create an object array, store the AccessControlEntry object in it, and assign the array to the AccessControlList object’s entries field.

  Create an object array, store the user identifier in it, and assign the array to the AccessControlList object’s usersWithPermissions field.

- Write the new ACL for the resource

  Invoke the RepositoryServiceService object’s writeAccessControlList method and pass in the following parameters:

  - The URI of the resource.
  - The access control list.
  - A boolean value used to determine whether to propagate the permissions to all path-contained resources if the resource is a collection (com.adobe.repository.infomodel.bean.ResourceCollection). In this example, the value true is specified.
  - A boolean value used to determine whether the propagate value was specified. In this example, a value of true is specified.
  - Pass null for the remaining parameter.

  For more information, see Repository Service API Quick Starts.
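
The access decision from the overview and the propagate flag described above, sketched as an added in-memory Java model; it is not Adobe's code and does not call the LiveCycle API. The class AclModel, the user identifiers, the child URI /testFolder/form.xdp and the replace-on-write behaviour are assumptions made for illustration; only the "Traverse" and "Read" strings and the /testFolder URI come from this page.

```java
import java.util.*;

// Added illustration: an in-memory model, NOT the LiveCycle Repository API.
public class AclModel {
    // Resource URI -> (user id -> permission strings); constructed sample store.
    private final Map<String, Map<String, Set<String>>> acls = new TreeMap<>();
    private final Set<String> systemUsers = new HashSet<>();

    void grantSystem(String user) { systemUsers.add(user); }

    // Decision order from the overview: a system-level permission grants
    // access outright; otherwise the ACL of the resource is inspected.
    boolean isAllowed(String user, String uri, String perm) {
        if (systemUsers.contains(user)) return true;
        Map<String, Set<String>> acl = acls.get(uri);
        return acl != null && acl.getOrDefault(user, Set.of()).contains(perm);
    }

    // Assumption: a write replaces the stored ACL, and propagate=true writes it to
    // every path-contained resource. Returns "uri user" per entry the write removes.
    List<String> writeAcl(String uri, Map<String, Set<String>> acl, boolean propagate) {
        List<String> removed = new ArrayList<>();
        String prefix = uri.endsWith("/") ? uri : uri + "/";
        for (String target : new ArrayList<>(acls.keySet())) {
            boolean affected = target.equals(uri) || (propagate && target.startsWith(prefix));
            if (!affected) continue;
            for (String user : acls.get(target).keySet())
                if (!acl.containsKey(user)) removed.add(target + " " + user);
            acls.put(target, new HashMap<>(acl));
        }
        acls.putIfAbsent(uri, new HashMap<>(acl));
        return removed;
    }

    public static void main(String[] args) {
        AclModel repo = new AclModel();
        repo.grantSystem("admin-uuid");                       // constructed ids
        Set<String> perms = Set.of("Traverse", "Read");
        repo.writeAcl("/testFolder", Map.of("user-a", perms, "user-b", perms), false);
        repo.writeAcl("/testFolder/form.xdp", Map.of("user-b", perms, "user-c", perms), false);
        // Same shape as the walkthrough: the new ACL holds one user only.
        List<String> removed = repo.writeAcl("/testFolder", Map.of("user-a", perms), true);
        System.out.println("Entries removed by the write: " + removed);
        System.out.println("user-c can read child: "
                + repo.isAllowed("user-c", "/testFolder/form.xdp", "Read"));
        System.out.println("system-level user can read child: "
                + repo.isAllowed("admin-uuid", "/testFolder/form.xdp", "Read"));
    }
}
```

Comparing the users on the existing ACL of each affected resource with the users on the new ACL, before writing with propagation, shows which entries the write would remove.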