jackrabbit-dev mailing list archives

From "angela (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2646) AccessControlManager#getEffectivePolicies(String) may expose AC content without proper permissions
Date Fri, 04 Jun 2010 10:22:57 GMT
AccessControlManager#getEffectivePolicies(String) may expose AC content without proper permissions
--------------------------------------------------------------------------------------------------

                 Key: JCR-2646
                 URL: https://issues.apache.org/jira/browse/JCR-2646
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core
    Affects Versions: 2.1.0, 2.0.0
            Reporter: angela
            Assignee: angela
            Priority: Minor
             Fix For: 2.2.0


The implementation of AccessControlManager#getEffectivePolicies(String) in the DefaultAccessManager
only checks if the session is allowed to read AC content at the specified path. However, the result
may also include policies effective at absPath that should not be visible to the editing session
(read_AC permissions denied e.g. at an ancestor node) and could not be read by the editing session
by means of #getPolicies().


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
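
The check described in this report, as a simplified stand-alone model. This is an added example, not Jackrabbit code and not the project's fix; the class name, the path-to-policy map and the per-node READ_AC table are constructed for illustration.

```java
import java.util.*;

public class EffectivePoliciesModel {
    // Constructed sample data: path -> policy stored at that node.
    static final Map<String, String> POLICY_AT = new LinkedHashMap<>();
    // Constructed sample data: nodes where the session is denied READ_AC.
    static final Set<String> READ_AC_DENIED = new HashSet<>();
    static {
        POLICY_AT.put("/", "root-acl");
        POLICY_AT.put("/content", "content-acl");
        POLICY_AT.put("/content/site", "site-acl");
        READ_AC_DENIED.add("/content"); // denied at an ancestor of /content/site
    }

    static boolean canReadAc(String path) {
        return !READ_AC_DENIED.contains(path);
    }

    // "/" followed by every ancestor of absPath and absPath itself.
    static List<String> pathChain(String absPath) {
        List<String> chain = new ArrayList<>(List.of("/"));
        StringBuilder current = new StringBuilder();
        for (String segment : absPath.split("/")) {
            if (segment.isEmpty()) continue;
            chain.add(current.append('/').append(segment).toString());
        }
        return chain;
    }

    // Collects policies effective at absPath. When perPolicyCheck is false only
    // absPath is checked (the behaviour the report describes); when true, each
    // policy is returned only if READ_AC is granted at the node that stores it.
    static List<String> effectivePolicies(String absPath, boolean perPolicyCheck) {
        if (!canReadAc(absPath)) {
            throw new SecurityException("READ_AC denied at " + absPath);
        }
        List<String> visible = new ArrayList<>();
        for (String path : pathChain(absPath)) {
            String policy = POLICY_AT.get(path);
            if (policy != null && (!perPolicyCheck || canReadAc(path))) {
                visible.add(policy);
            }
        }
        return visible;
    }

    public static void main(String[] args) {
        System.out.println(effectivePolicies("/content/site", false));
        System.out.println(effectivePolicies("/content/site", true));
    }
}
```

With the single check at the target path, the policy stored at /content is returned even though the session is denied READ_AC there; the per-policy check leaves it out.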

