Problem with SecurityPolicy

klebervz_
Confirmed Champ

Hi,

I am using the SecurityPolicy class and overriding the checkPermission() method to define access to listing documents. Everything worked perfectly. When I start Tomcat, the following WARN messages appear:

2014-06-30 16:35:00,002 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,707 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:40:00,003 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,700 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.

My code follows:

@Override
public Access checkPermission(Document doc, ACP mergedAcp, Principal principal,
		String permission, String[] resolvedPermissions, String[] additionalPrincipals) {

	// The policy only applies to document types accepted by DocumentUtil.
	if (DocumentUtil.verifyTypeName(doc.getType().getName())) {
		String confident;
		try {
			confident = (String) doc.getPropertyValue("dcns-common:confidentiality");
		} catch (DocumentException e) {
			// Fail closed: if the confidentiality level cannot be read,
			// deny instead of falling through to Access.UNKNOWN.
			e.printStackTrace();
			return Access.DENY;
		}
		if (confident != null) {
			NuxeoPrincipal targetUser = (NuxeoPrincipal) principal;
			int levelDoc = Utils.getConfidentLevel(confident);

			// The user passes if any group maps to a level at or above the document's.
			boolean allowed = false;
			for (String group : targetUser.getGroups()) {
				if (group.startsWith("confidentiality_")) {
					group = group.replace("confidentiality_", "");
				}
				int levelUser = Utils.getConfidentLevel(group);
				if (levelUser >= levelDoc) {
					allowed = true;
					break;
				}
			}
			if (!allowed) {
				return Access.DENY;
			}
		}
	}
	// No opinion: let other policies and the ACLs decide.
	return Access.UNKNOWN;
}

Could someone give me support? I'm not using an SQL query.

3 REPLIES

Damien_Metzler
Star Contributor

Hello, this means your policy can't be expressed in NXQL, i.e. it must be checked individually for each document that a query may return.

It is only a warning and is not a big deal unless you have queries that retrieve a lot of documents. In that case Nuxeo allows you to express the policy by decorating each NXQL query by adding some where clauses. See http://doc.nuxeo.com/display/NXDOC/Security+Policy+Service for SQLTransformer.
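The query decoration described in the answer above, as an added example that is not part of the original thread and not Nuxeo's own code: a transformer that appends the confidentiality rule to each NXQL query. Assumptions: `ALL_LABELS` holds placeholder values, `Utils.getConfidentLevel` is the poster's own helper, only `confidentiality_`-prefixed groups are counted, the document-type filter from `checkPermission` is not reproduced, and the `SQLQuery` constructor arguments follow the documentation sample and may differ between Nuxeo versions.

```java
import java.security.Principal;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.query.sql.model.LiteralList;
import org.nuxeo.ecm.core.query.sql.model.Operator;
import org.nuxeo.ecm.core.query.sql.model.Predicate;
import org.nuxeo.ecm.core.query.sql.model.Reference;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery;
import org.nuxeo.ecm.core.query.sql.model.StringLiteral;
import org.nuxeo.ecm.core.query.sql.model.WhereClause;

/** Added example: appends the confidentiality rule to every NXQL query. */
public class ConfidentialityTransformer implements SQLQuery.Transformer {
    static final String PROP = "dcns-common:confidentiality";
    // Assumption: placeholder labels; use the values the property really holds.
    static final String[] ALL_LABELS = { "LABEL_A", "LABEL_B", "LABEL_C" };

    @Override
    public SQLQuery transform(Principal principal, SQLQuery query) {
        // Highest level granted by the user's confidentiality_* groups.
        int userLevel = Integer.MIN_VALUE;
        for (String group : ((NuxeoPrincipal) principal).getGroups()) {
            if (group.startsWith("confidentiality_")) {
                String label = group.substring("confidentiality_".length());
                userLevel = Math.max(userLevel, Utils.getConfidentLevel(label));
            }
        }
        // Labels the user may read; Utils is the poster's own helper.
        LiteralList allowed = new LiteralList();
        for (String label : ALL_LABELS) {
            if (Utils.getConfidentLevel(label) <= userLevel) {
                allowed.add(new StringLiteral(label));
            }
        }
        Reference prop = new Reference(PROP);
        // Unlabelled documents stay visible, as in checkPermission (UNKNOWN).
        Predicate rule = new Predicate(prop, Operator.ISNULL, null);
        if (!allowed.isEmpty()) { // an empty IN list is not valid NXQL
            rule = new Predicate(rule, Operator.OR,
                    new Predicate(prop, Operator.IN, allowed));
        }
        WhereClause where = query.where;
        Predicate merged = (where == null || where.predicate == null)
                ? rule : new Predicate(rule, Operator.AND, where.predicate);
        // Constructor arguments as in the documentation sample (assumed).
        return new SQLQuery(query.select, query.from, new WhereClause(merged),
                query.groupBy, query.having, query.orderBy, query.limit, query.offset);
    }
}
```

The policy class would then report itself as expressible in a query and return this transformer through the hooks the linked page describes, while `checkPermission` stays in place for single-document access checks.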

Hello,

So don't care about the warnings
