https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326738#M13739 <P>Hi,</P> <P>I am using the SecurityPolicy class and overriding the checkPermission () method to define access to listing documents. This worked everything perfect. When I start Tomcat, the following is happening WARN:</P> <P>2014-06-30 16:35:00,002 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:38:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:38:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:38:19,707 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:40:00,003 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:43:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:43:19,700 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:43:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.</P> <P>Follow my code</P> <P>@Override public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) {</P> <PRE><CODE> String confident = null; if (DocumentUtil.verifyTypeName(doc.getType().getName())) { try { confident = (String) doc .getPropertyValue("dcns-common:confidentiality"); } catch (DocumentException e) { // TODO Auto-generated catch block e.printStackTrace(); } if (confident != null){ NuxeoPrincipal targetUser = (NuxeoPrincipal) principal; int levelDoc = Utils.getConfidentLevel(confident); boolean acces = false; for (String group : targetUser.getGroups()) { if (group.startsWith("confidentiality_")) { group = group.replace("confidentiality_", ""); } int levelUser = Utils.getConfidentLevel(group); if (levelUser &gt;= levelDoc) { acces = true; } } if (acces == false) { return Access.DENY; } } } return Access.UNKNOWN; } </CODE></PRE> <P>Could someone give me support? I'm not using Sql Query</P> Mon, 30 Jun 2014 22:19:31 GMT klebervz_ 2014-06-30T22:19:31Z https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326738#M13739 <P>Hi,</P> <P>I am using the SecurityPolicy class and overriding the checkPermission () method to define access to listing documents. This worked everything perfect. When I start Tomcat, the following is happening WARN:</P> <P>2014-06-30 16:35:00,002 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:38:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:38:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:38:19,707 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:40:00,003 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:43:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:43:19,700 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query. 2014-06-30 16:43:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.</P> <P>Follow my code</P> <P>@Override public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) {</P> <PRE><CODE> String confident = null; if (DocumentUtil.verifyTypeName(doc.getType().getName())) { try { confident = (String) doc .getPropertyValue("dcns-common:confidentiality"); } catch (DocumentException e) { // TODO Auto-generated catch block e.printStackTrace(); } if (confident != null){ NuxeoPrincipal targetUser = (NuxeoPrincipal) principal; int levelDoc = Utils.getConfidentLevel(confident); boolean acces = false; for (String group : targetUser.getGroups()) { if (group.startsWith("confidentiality_")) { group = group.replace("confidentiality_", ""); } int levelUser = Utils.getConfidentLevel(group); if (levelUser &gt;= levelDoc) { acces = true; } } if (acces == false) { return Access.DENY; } } } return Access.UNKNOWN; } </CODE></PRE> <P>Could someone give me support? I'm not using Sql Query</P> Mon, 30 Jun 2014 22:19:31 GMT https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326738#M13739 klebervz_ 2014-06-30T22:19:31Z https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326739#M13740 <P>Hello, this means your policy can't be expressed in NXQL ie it must be checked individually for each document that a query may return.</P> <P>It only a warnign and is not a big deal unless you have queries that retrieves a lot of documents. In that case Nuxeo allow to express the policy by decorating each NXQL query by adding some where clauses. See <A href="http://doc.nuxeo.com/display/NXDOC/Security+Policy+Service" target="test_blank">http://doc.nuxeo.com/display/NXDOC/Security+Policy+Service</A> for SQLTransformer.</P> Tue, 01 Jul 2014 11:08:12 GMT https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326739#M13740 Damien_Metzler 2014-07-01T11:08:12Z https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326740#M13741 <P>Hello,</P> Tue, 01 Jul 2014 14:36:10 GMT https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326740#M13741 klebervz_ 2014-07-01T14:36:10Z https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326741#M13742 <P>So don't care about the warnings</P> Tue, 01 Jul 2014 16:10:10 GMT https://connect.hyland.com/t5/nuxeo-forum/problem-with-securitypolicy/m-p/326741#M13742 Damien_Metzler 2014-07-01T16:10:10Z