您能否将 Workspace Security 添加到现有的 Magnolia 工作区?
Can you add Workspace Security to an existing Magnolia workspace?
我们有一个带有 PostgreSQLPersistence 管理器的 Magnolia CMS 5.5 安装程序。我正在调查一个案例,我们的安全配置没有按预期工作。我发现我们的 workspace/repository 配置缺少这三行:
<WorkspaceSecurity>
<AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider" />
</WorkspaceSecurity>
有没有办法重新创建包括此配置的现有工作区,或者是否只能将数据导出并重新导入到全新安装中(在我们的例子中这需要很长时间)?
编辑:
当我使用以下 repo-conf.xml:
时,它适用于我的本地系统
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.5//EN"
"http://jackrabbit.apache.org/dtd/repository-1.5.dtd">
<Repository>
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/repository" />
</FileSystem>
<Security appName="magnolia">
<SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"/>
<AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager">
</AccessManager>
<!-- login module defined here is used by the repo to authenticate every request. not by the webapp to authenticate user against the webapp context (this one has to be passed before thing here gets invoked -->
<LoginModule class="info.magnolia.jaas.sp.jcr.JackrabbitAuthenticationModule">
</LoginModule>
</Security>
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore">
<param name="path" value="${rep.home}/repository/datastore"/>
<param name="minRecordLength" value="1024"/>
</DataStore>
<Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="default" />
<Workspace name="default">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}/default" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxx" />
<param name="databaseType" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxx" />
<param name="password" value="xxxxxx" />
<param name="schemaObjectPrefix" value="${wsp.name}_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index" />
<param name="useCompoundFile" value="true" />
<param name="minMergeDocs" value="100" />
<param name="volatileIdleTime" value="3" />
<param name="maxMergeDocs" value="100000" />
<param name="mergeFactor" value="10" />
<param name="maxFieldLength" value="10000" />
<param name="bufferSize" value="10" />
<param name="cacheSize" value="1000" />
<param name="forceConsistencyCheck" value="false" />
<param name="autoRepair" value="true" />
<param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer" />
<param name="queryClass" value="org.apache.jackrabbit.core.query.QueryImpl" />
<param name="respectDocumentOrder" value="true" />
<param name="resultFetchSize" value="2147483647" />
<param name="extractorPoolSize" value="3" />
<param name="extractorTimeout" value="100" />
<param name="extractorBackLogSize" value="100" />
<!-- needed to highlight the searched term -->
<param name="supportHighlighting" value="true"/>
<!-- custom provider for getting an HTML excerpt in a query result with rep:excerpt() -->
<param name="excerptProviderClass" value="info.magnolia.jackrabbit.lucene.SearchHTMLExcerpt"/>
</SearchIndex>
<WorkspaceSecurity>
<AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider" />
</WorkspaceSecurity>
</Workspace>
<Versioning rootPath="${rep.home}/version">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/workspaces/version" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxxxxx" />
<param name="password" value="xxxxxxxx" />
<param name="schemaObjectPrefix" value="version_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
</Versioning>
</Repository>
此处 removing/adding WorkspaceSecurity 有效。
但是在相关系统上,我们有另一个配置,其中添加 WorkspaceSecurity 不起作用:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.5//EN"
"http://jackrabbit.apache.org/dtd/repository-1.5.dtd">
<Repository>
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/repository" />
</FileSystem>
<Security appName="Jackrabbit">
<AccessManager class="org.apache.jackrabbit.core.security.SimpleAccessManager"></AccessManager>
<LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
<param name="yyyyyyy" value="yyyyyyy" />
</LoginModule>
</Security>
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore">
<param name="path" value="${rep.home}/repository/datastore"/>
<param name="minRecordLength" value="1024"/>
</DataStore>
<Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="default" />
<Workspace name="default">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}/default" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxxxxx" />
<param name="password" value="xxxxxxxx" />
<param name="schemaObjectPrefix" value="${wsp.name}_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index" />
<param name="useCompoundFile" value="true" />
<param name="minMergeDocs" value="100" />
<param name="volatileIdleTime" value="3" />
<param name="maxMergeDocs" value="100000" />
<param name="mergeFactor" value="10" />
<param name="maxFieldLength" value="10000" />
<param name="autoRepair" value="true" />
<param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer" />
<param name="queryClass" value="org.apache.jackrabbit.core.query.QueryImpl" />
<param name="respectDocumentOrder" value="true" />
<param name="resultFetchSize" value="2147483647" />
<param name="extractorPoolSize" value="3" />
<param name="extractorTimeout" value="100" />
<param name="extractorBackLogSize" value="100" />
<!-- needed to highlight the searched term -->
<param name="supportHighlighting" value="true"/>
<!-- custom provider for getting an HTML excerpt in a query result with rep:excerpt() -->
<param name="excerptProviderClass" value="info.magnolia.jackrabbit.lucene.SearchHTMLExcerpt"/>
</SearchIndex>
</Workspace>
<Versioning rootPath="${rep.home}/version">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/workspaces/version" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxx" />
<param name="password" value="xxxxxxx" />
<param name="schemaObjectPrefix" value="version_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
</Versioning>
</Repository>
在相关系统上使用第一个配置会导致日志中出现大量错误。你知道如何解决这个问题吗?
谢谢,重新编码
您可以使用 Workspace API 复制现有工作区,但这对您没有帮助。您可以导出 rootNode 并将其导入到全新安装中,正如您所提到的,这也将花费大量时间。但是,我对 accessControlProvider class 配置有点困惑,因为当将它添加到配置并重新启动实例时它应该可以正常工作。这是因为权限检查是在运行时完成的,不应以更改 class 没有任何影响的方式影响它。我建议先检查一下,如果由于某种原因仍然无法正常工作,那么我会检查 RepositoryCopier API,也许有一种方法可以在调用 [=11= 时设置 class ]
RepositoryCopier.copy();
干杯,
我们有一个带有 PostgreSQLPersistence 管理器的 Magnolia CMS 5.5 安装程序。我正在调查一个案例,我们的安全配置没有按预期工作。我发现我们的 workspace/repository 配置缺少这三行:
<WorkspaceSecurity>
<AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider" />
</WorkspaceSecurity>
有没有办法重新创建包括此配置的现有工作区,或者是否只能将数据导出并重新导入到全新安装中(在我们的例子中这需要很长时间)?
编辑: 当我使用以下 repo-conf.xml:
时,它适用于我的本地系统<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.5//EN"
"http://jackrabbit.apache.org/dtd/repository-1.5.dtd">
<Repository>
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/repository" />
</FileSystem>
<Security appName="magnolia">
<SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"/>
<AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager">
</AccessManager>
<!-- login module defined here is used by the repo to authenticate every request. not by the webapp to authenticate user against the webapp context (this one has to be passed before thing here gets invoked -->
<LoginModule class="info.magnolia.jaas.sp.jcr.JackrabbitAuthenticationModule">
</LoginModule>
</Security>
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore">
<param name="path" value="${rep.home}/repository/datastore"/>
<param name="minRecordLength" value="1024"/>
</DataStore>
<Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="default" />
<Workspace name="default">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}/default" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxx" />
<param name="databaseType" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxx" />
<param name="password" value="xxxxxx" />
<param name="schemaObjectPrefix" value="${wsp.name}_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index" />
<param name="useCompoundFile" value="true" />
<param name="minMergeDocs" value="100" />
<param name="volatileIdleTime" value="3" />
<param name="maxMergeDocs" value="100000" />
<param name="mergeFactor" value="10" />
<param name="maxFieldLength" value="10000" />
<param name="bufferSize" value="10" />
<param name="cacheSize" value="1000" />
<param name="forceConsistencyCheck" value="false" />
<param name="autoRepair" value="true" />
<param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer" />
<param name="queryClass" value="org.apache.jackrabbit.core.query.QueryImpl" />
<param name="respectDocumentOrder" value="true" />
<param name="resultFetchSize" value="2147483647" />
<param name="extractorPoolSize" value="3" />
<param name="extractorTimeout" value="100" />
<param name="extractorBackLogSize" value="100" />
<!-- needed to highlight the searched term -->
<param name="supportHighlighting" value="true"/>
<!-- custom provider for getting an HTML excerpt in a query result with rep:excerpt() -->
<param name="excerptProviderClass" value="info.magnolia.jackrabbit.lucene.SearchHTMLExcerpt"/>
</SearchIndex>
<WorkspaceSecurity>
<AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider" />
</WorkspaceSecurity>
</Workspace>
<Versioning rootPath="${rep.home}/version">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/workspaces/version" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxxxxx" />
<param name="password" value="xxxxxxxx" />
<param name="schemaObjectPrefix" value="version_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
</Versioning>
</Repository>
此处 removing/adding WorkspaceSecurity 有效。 但是在相关系统上,我们有另一个配置,其中添加 WorkspaceSecurity 不起作用:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.5//EN"
"http://jackrabbit.apache.org/dtd/repository-1.5.dtd">
<Repository>
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/repository" />
</FileSystem>
<Security appName="Jackrabbit">
<AccessManager class="org.apache.jackrabbit.core.security.SimpleAccessManager"></AccessManager>
<LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
<param name="yyyyyyy" value="yyyyyyy" />
</LoginModule>
</Security>
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore">
<param name="path" value="${rep.home}/repository/datastore"/>
<param name="minRecordLength" value="1024"/>
</DataStore>
<Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="default" />
<Workspace name="default">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}/default" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxxxxx" />
<param name="password" value="xxxxxxxx" />
<param name="schemaObjectPrefix" value="${wsp.name}_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index" />
<param name="useCompoundFile" value="true" />
<param name="minMergeDocs" value="100" />
<param name="volatileIdleTime" value="3" />
<param name="maxMergeDocs" value="100000" />
<param name="mergeFactor" value="10" />
<param name="maxFieldLength" value="10000" />
<param name="autoRepair" value="true" />
<param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer" />
<param name="queryClass" value="org.apache.jackrabbit.core.query.QueryImpl" />
<param name="respectDocumentOrder" value="true" />
<param name="resultFetchSize" value="2147483647" />
<param name="extractorPoolSize" value="3" />
<param name="extractorTimeout" value="100" />
<param name="extractorBackLogSize" value="100" />
<!-- needed to highlight the searched term -->
<param name="supportHighlighting" value="true"/>
<!-- custom provider for getting an HTML excerpt in a query result with rep:excerpt() -->
<param name="excerptProviderClass" value="info.magnolia.jackrabbit.lucene.SearchHTMLExcerpt"/>
</SearchIndex>
</Workspace>
<Versioning rootPath="${rep.home}/version">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/workspaces/version" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxx" />
<param name="password" value="xxxxxxx" />
<param name="schemaObjectPrefix" value="version_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
</Versioning>
</Repository>
在相关系统上使用第一个配置会导致日志中出现大量错误。你知道如何解决这个问题吗? 谢谢,重新编码
您可以使用 Workspace API 复制现有工作区,但这对您没有帮助。您可以导出 rootNode 并将其导入到全新安装中,正如您所提到的,这也将花费大量时间。但是,我对 accessControlProvider class 配置有点困惑,因为当将它添加到配置并重新启动实例时它应该可以正常工作。这是因为权限检查是在运行时完成的,不应以更改 class 没有任何影响的方式影响它。我建议先检查一下,如果由于某种原因仍然无法正常工作,那么我会检查 RepositoryCopier API,也许有一种方法可以在调用 [=11= 时设置 class ]
RepositoryCopier.copy();
干杯,