您能否将 Workspace Security 添加到现有 Magnolia 工作区?
Posted
技术标签:
【中文标题】您能否将 Workspace Security 添加到现有 Magnolia 工作区?【英文标题】:Can you add Workspace Security to an existing Magnolia workspace? 【发布时间】:2019-01-30 12:11:48 【问题描述】:我们有一个带有 PostgreSQLPersistence Manager 的 Magnolia CMS 5.5 设置。我正在调查我们的安全配置没有按预期工作的情况。我发现我们的工作区/存储库配置缺少这三行:
<WorkspaceSecurity>
<AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider" />
</WorkspaceSecurity>
有没有办法重新创建包含此配置的现有工作区,或者是否只能将数据导出并重新导入到全新安装中(在我们的例子中这需要很长时间)?
编辑: 当我使用以下 repo-conf.xml 时,它适用于我的本地系统:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.5//EN"
"http://jackrabbit.apache.org/dtd/repository-1.5.dtd">
<Repository>
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="$rep.home/repository" />
</FileSystem>
<Security appName="magnolia">
<SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"/>
<AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager">
</AccessManager>
<!-- login module defined here is used by the repo to authenticate every request. not by the webapp to authenticate user against the webapp context (this one has to be passed before thing here gets invoked -->
<LoginModule class="info.magnolia.jaas.sp.jcr.JackrabbitAuthenticationModule">
</LoginModule>
</Security>
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore">
<param name="path" value="$rep.home/repository/datastore"/>
<param name="minRecordLength" value="1024"/>
</DataStore>
<Workspaces rootPath="$rep.home/workspaces" defaultWorkspace="default" />
<Workspace name="default">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="$wsp.home/default" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxx" />
<param name="databaseType" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxx" />
<param name="password" value="xxxxxx" />
<param name="schemaObjectPrefix" value="$wsp.name_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="$wsp.home/index" />
<param name="useCompoundFile" value="true" />
<param name="minMergeDocs" value="100" />
<param name="volatileIdleTime" value="3" />
<param name="maxMergeDocs" value="100000" />
<param name="mergeFactor" value="10" />
<param name="maxFieldLength" value="10000" />
<param name="bufferSize" value="10" />
<param name="cacheSize" value="1000" />
<param name="forceConsistencyCheck" value="false" />
<param name="autoRepair" value="true" />
<param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer" />
<param name="queryClass" value="org.apache.jackrabbit.core.query.QueryImpl" />
<param name="respectDocumentOrder" value="true" />
<param name="resultFetchSize" value="2147483647" />
<param name="extractorPoolSize" value="3" />
<param name="extractorTimeout" value="100" />
<param name="extractorBackLogSize" value="100" />
<!-- needed to highlight the searched term -->
<param name="supportHighlighting" value="true"/>
<!-- custom provider for getting an html excerpt in a query result with rep:excerpt() -->
<param name="excerptProviderClass" value="info.magnolia.jackrabbit.lucene.SearchHTMLExcerpt"/>
</SearchIndex>
<WorkspaceSecurity>
<AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider" />
</WorkspaceSecurity>
</Workspace>
<Versioning rootPath="$rep.home/version">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="$rep.home/workspaces/version" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxxxxx" />
<param name="password" value="xxxxxxxx" />
<param name="schemaObjectPrefix" value="version_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
</Versioning>
</Repository>
在这里删除/添加 WorkspaceSecurity 作品。 但是在相关系统上,我们有另一个配置,其中添加 WorkspaceSecurity 不起作用:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.5//EN"
"http://jackrabbit.apache.org/dtd/repository-1.5.dtd">
<Repository>
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="$rep.home/repository" />
</FileSystem>
<Security appName="Jackrabbit">
<AccessManager class="org.apache.jackrabbit.core.security.SimpleAccessManager"></AccessManager>
<LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
<param name="yyyyyyy" value="yyyyyyy" />
</LoginModule>
</Security>
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore">
<param name="path" value="$rep.home/repository/datastore"/>
<param name="minRecordLength" value="1024"/>
</DataStore>
<Workspaces rootPath="$rep.home/workspaces" defaultWorkspace="default" />
<Workspace name="default">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="$wsp.home/default" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxxxxx" />
<param name="password" value="xxxxxxxx" />
<param name="schemaObjectPrefix" value="$wsp.name_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="$wsp.home/index" />
<param name="useCompoundFile" value="true" />
<param name="minMergeDocs" value="100" />
<param name="volatileIdleTime" value="3" />
<param name="maxMergeDocs" value="100000" />
<param name="mergeFactor" value="10" />
<param name="maxFieldLength" value="10000" />
<param name="autoRepair" value="true" />
<param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer" />
<param name="queryClass" value="org.apache.jackrabbit.core.query.QueryImpl" />
<param name="respectDocumentOrder" value="true" />
<param name="resultFetchSize" value="2147483647" />
<param name="extractorPoolSize" value="3" />
<param name="extractorTimeout" value="100" />
<param name="extractorBackLogSize" value="100" />
<!-- needed to highlight the searched term -->
<param name="supportHighlighting" value="true"/>
<!-- custom provider for getting an HTML excerpt in a query result with rep:excerpt() -->
<param name="excerptProviderClass" value="info.magnolia.jackrabbit.lucene.SearchHTMLExcerpt"/>
</SearchIndex>
</Workspace>
<Versioning rootPath="$rep.home/version">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="$rep.home/workspaces/version" />
</FileSystem>
<PersistenceManager class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url" value="jdbc:postgresql://xxxxxxxxx" />
<param name="schema" value="postgresql" /><!-- warning, this is not the schema name, it's the db type -->
<param name="user" value="xxxxx" />
<param name="password" value="xxxxxxx" />
<param name="schemaObjectPrefix" value="version_" />
<param name="externalBLOBs" value="false" />
</PersistenceManager>
</Versioning>
</Repository>
在相关系统上使用第一个配置会导致日志中出现大量错误。你知道如何解决这个问题吗? 谢谢,重新编码
【问题讨论】:
【参考方案1】:您可以使用 Workspace API 复制现有工作区,但这对您没有帮助。您可以导出 rootNode 并将其导入到全新安装中,正如您所提到的,这也将花费大量时间。但是,我对 accessControlProvider 类配置有点困惑,因为当将其添加到配置并重新启动实例时,它应该可以正常工作。这是因为权限检查是在运行时完成的,并且不应该以改变类没有任何影响的方式影响它。我建议先检查一下,如果由于某种原因仍然无法正常工作,那么我会检查 RepositoryCopier API,也许有一种方法可以在调用时设置该类
RepositoryCopier.copy();
干杯,
【讨论】:
确实,只需添加缺少的行并重新启动。权限本身存储在工作区之外,因此您需要该类来执行实际检查。工作区内容完全不受影响。 不幸的是答案保持不变。 好的,我做到了 :) 诀窍是首先将工作空间安全性直接添加到 workspaces.xml ($magnolia.home/repositories/magnolia/workspaces/以上是关于您能否将 Workspace Security 添加到现有 Magnolia 工作区?的主要内容,如果未能解决你的问题,请参考以下文章
Bluemix:我能否使用 Application Security on Cloud 扫描 Java ReST API