Search code examples
mongodbjbossjcr

javax.jcr.AccessDeniedException with Apache Oak with MongoDB on JBoss Wildfly

Whenever I tried to access the root node within a jcr session I encounter the exception

javax.jcr.AccessDeniedException: Root node is not accessible

We have the following setup: JBoss wildfly as application server, apache oak 1.3.2 and we manage the jcr session using JcrTemplate from Spring framework using the code: 

    jcrTemplate.execute(new JcrCallback() {
                        @Override
                        public Object doInJcr(Session session) throws IOException, RepositoryException {
                            Node rootNode = session.getRootNode();
}
    }

Despite the fact that in an unit test i have no problem accessing the root node in an application server environment i'm facing an access denied.

I mention that creating a JCR session factory requires a user name and password which are delegated to the JAAS component which in an application server specific. I have already added the user name using the add-user script from JBoss. Another mention is that apache oak is using a MongoDB behind that I did no configuration regarding it in JBoss. All the connection are managed using the Java monogodb driver, that is in the application classpath.

Do you have any suggestions regarding this problem? If you need more informations feel free to ask

Thanks

Solution

  • A way to grant access on the root node is to configure inside jboss, in it's configuration file a security domain that will handle the JAAS call which Apache Oak will make to get the user. I jboss 8.2.0 I had configured one, but seems not to take it. A work around is to configure a custom security provider for apache oak. Something like this:

    Jcr jcr = new Jcr(new Oak(nodeStore)); // configure security jcr.with(configureSecurityProvider());

    Then you have to grant admin permission to your jcr user like this, in your configureSecurityProvider()) method, like this(note the PermissionConstants class with different permissions):

    Set<String> adminNames = new HashSet<String>(); adminNames.add(environment.getProperty("jcr.user")); ConfigurationParameters configurationParameters = ConfigurationParameters.of(PermissionConstants.PARAM_ADMINISTRATIVE_PRINCIPALS, adminNames); SecurityProvider securityProvider = new SecurityProviderImpl(); AuthorizationConfigurationImpl authorizationConfiguration = AuthorizationConfigurationImpl.class.cast( securityProvider.getConfiguration(AuthorizationConfiguration.class)); authorizationConfiguration.setParameters(configurationParameters);