jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (JCR-2748) provide a (relatively) simple way to disable anonymous access to the security workspace
Date Tue, 12 Oct 2010 15:40:34 GMT

     [ https://issues.apache.org/jira/browse/JCR-2748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

angela resolved JCR-2748.

       Resolution: Fixed
    Fix Version/s: 2.2.0

applied patch2 with minor modification: the default value of the anonymousAccess if not present
with the configuration should be 'true' (some existing tests 
therefore failed with the unmodified patch2)

> provide a (relatively) simple way to disable anonymous access to the security workspace
> ---------------------------------------------------------------------------------------
>                 Key: JCR-2748
>                 URL: https://issues.apache.org/jira/browse/JCR-2748
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core, security
>            Reporter: Justin Edelson
>             Fix For: 2.2.0
>         Attachments: JCR-2748-take2.patch, JCR-2748.patch
> As discussed in this thread: http://sling.markmail.org/thread/st52jejjuxykfxtj, the security
workspace is, by default, configured with an AccessControlProvider which provides a fixed
access control policy (i.e. o.a.j.core.security.user.UserAccessControlProvider). In order
to prevent anonymous access to security-related nodes requires the use of an alternate AccessControlProvider.
> The attached patch provides a simpler mechanism. By adding
> <param name="anonymousAccessToSecurityWorkspace" value="false" />
> to the configuration of the DefaultSecurityManager, anonymous access to the security
workspace is forbidden.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message