Problem with SecurityPolicy

Hi,

I am using the SecurityPolicy class and overriding the checkPermission() method to define access to listing documents. Everything worked perfectly. When I start Tomcat, the following WARN messages appear:

2014-06-30 16:35:00,002 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,707 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:40:00,003 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,700 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.

My code follows:

@Override
public Access checkPermission(Document doc, ACP mergedAcp,
        Principal principal, String permission,
        String[] resolvedPermissions, String[] additionalPrincipals) {

    String confident = null;
    // Only document types accepted by DocumentUtil.verifyTypeName() are checked.
    if (DocumentUtil.verifyTypeName(doc.getType().getName())) {
        try {
            confident = (String) doc
                    .getPropertyValue("dcns-common:confidentiality");
        } catch (DocumentException e) {
            // A read failure is only printed; confident stays null, so the
            // method falls through to Access.UNKNOWN below.
            e.printStackTrace();
        }
        if (confident != null) {
            NuxeoPrincipal targetUser = (NuxeoPrincipal) principal;
            int levelDoc = Utils.getConfidentLevel(confident);

            // Grant access if any group of the user maps to a level
            // at or above the document's level.
            boolean acces = false;
            for (String group : targetUser.getGroups()) {
                // Strip the group-name prefix to get the confidentiality label.
                if (group.startsWith("confidentiality_")) {
                    group = group.replace("confidentiality_", "");
                }

                int levelUser = Utils.getConfidentLevel(group);

                if (levelUser >= levelDoc) {
                    acces = true;
                }
            }
            if (!acces) {
                return Access.DENY;
            }
        }
    }
    // No opinion: let other policies and the ACLs decide.
    return Access.UNKNOWN;
}

Could someone give me support? I'm not using an SQL query.

0 votes


ANSWER



Hello, this means your policy can't be expressed in NXQL, i.e. it must be checked individually for each document that a query may return.

It is only a warning and is not a big deal unless you have queries that retrieve a lot of documents. In that case Nuxeo allows you to express the policy by decorating each NXQL query with additional WHERE clauses. See http://doc.nuxeo.com/display/NXDOC/Security+Policy+Service for SQLTransformer.

0 votes
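To make the answer's point concrete, here is an added example (plain Java, not Nuxeo's or the poster's code) that derives the WHERE fragment a query transformer would have to append so that the confidentiality rule from checkPermission() is applied inside the query instead of per document. The LEVELS table is a hypothetical stand-in for Utils.getConfidentLevel(), the labels, ranks and group lists are constructed, and it assumes only the checked document types carry dcns-common:confidentiality; wiring the clause into Nuxeo's transformer is not shown.

```java
import java.util.*;

public class ConfidentialityClause {
    // Hypothetical label-to-rank table (assumption; stands in for Utils.getConfidentLevel()).
    static final Map<String, Integer> LEVELS = new LinkedHashMap<>();
    static {
        LEVELS.put("public", 0);
        LEVELS.put("internal", 1);
        LEVELS.put("restricted", 2);
        LEVELS.put("secret", 3);
    }
    static final String PREFIX = "confidentiality_";
    static final String PROP = "dcns-common:confidentiality";

    // Highest level granted by the user's confidentiality_* groups, or -1 if none.
    static int userLevel(Collection<String> groups) {
        int max = -1;
        for (String g : groups) {
            if (!g.startsWith(PREFIX)) continue;
            Integer lvl = LEVELS.get(g.substring(PREFIX.length()));
            if (lvl != null) max = Math.max(max, lvl);
        }
        return max;
    }

    // Query-side equivalent of the per-document check: documents without the
    // property stay visible (the policy returns UNKNOWN for them), all others
    // must carry a label whose rank is <= the user's rank. Only labels from the
    // fixed LEVELS table are written into the clause, never raw group names.
    static String whereClause(Collection<String> groups) {
        int max = userLevel(groups);
        List<String> allowed = new ArrayList<>();
        for (Map.Entry<String, Integer> e : LEVELS.entrySet()) {
            if (e.getValue() <= max) allowed.add("'" + e.getKey() + "'");
        }
        String isNull = PROP + " IS NULL";
        if (allowed.isEmpty()) return isNull; // no clearance: unlabelled documents only
        return "(" + isNull + " OR " + PROP + " IN (" + String.join(", ", allowed) + "))";
    }

    public static void main(String[] args) {
        // Constructed group lists for two sample users.
        System.out.println(whereClause(Arrays.asList("members", "confidentiality_internal")));
        System.out.println(whereClause(Arrays.asList("members")));
    }
}
```

A document whose label is missing from the table never matches the IN list, so the query-side form fails closed for unknown labels.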



Hello, that is exactly what I'm doing: checking each document. I'm not using NXQL in my security policy, as seen in the method above.
07/01/2014

So don't worry about the warnings.
07/01/2014