jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Edelson (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2748) provide a (relatively) simple way to disable anonymous access to the security workspace
Date Tue, 14 Sep 2010 18:57:33 GMT
provide a (relatively) simple way to disable anonymous access to the security workspace
---------------------------------------------------------------------------------------

                 Key: JCR-2748
                 URL: https://issues.apache.org/jira/browse/JCR-2748
             Project: Jackrabbit Content Repository
          Issue Type: Improvement
          Components: jackrabbit-core, security
            Reporter: Justin Edelson


As discussed in this thread: http://sling.markmail.org/thread/st52jejjuxykfxtj, the security
workspace is, by default, configured with an AccessControlProvider which provides a fixed
access control policy (i.e. o.a.j.core.security.user.UserAccessControlProvider). In order
to prevent anonymous access to security-related nodes requires the use of an alternate AccessControlProvider.

The attached patch provides a simpler mechanism. By adding

<param name="anonymousAccessToSecurityWorkspace" value="false" />

to the configuration of the DefaultSecurityManager, anonymous access to the security workspace
is forbidden.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message