jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (JCR-2646) AccessControlManager#getEffectivePolicies(String) may expose AC content without proper permissions
Date Tue, 15 Jun 2010 17:03:24 GMT

     [ https://issues.apache.org/jira/browse/JCR-2646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

angela resolved JCR-2646.
-------------------------

    Resolution: Fixed

> AccessControlManager#getEffectivePolicies(String) may expose AC content without proper
permissions
> --------------------------------------------------------------------------------------------------
>
>                 Key: JCR-2646
>                 URL: https://issues.apache.org/jira/browse/JCR-2646
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core
>    Affects Versions: 2.0.0, 2.1.0
>            Reporter: angela
>            Assignee: angela
>            Priority: Minor
>             Fix For: 2.2.0
>
>
> The implementation of AccessControlManager#getEffectivePolicies(String) in the DefaultAccessManager
only checks if the session is allowed
> to read AC content at the specified path. However the result may also include policies
effective at absPath that should not be visible to the editing
> session (read_AC permissions denied e.g. at an ancestor node) and could not be read by
the editing session be means of #getPolicies().

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message