jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2774) Access control for repository level API operations
Date Tue, 12 Oct 2010 07:58:37 GMT
Access control for repository level API operations

                 Key: JCR-2774
                 URL: https://issues.apache.org/jira/browse/JCR-2774
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core
            Reporter: angela

it is a open issue (i guess since jackrabbit 1.0) that the repository level write operations
lack any kind of permission check.
this issues has been raised during specification of jsr 283 [1] but didn't made it into the
specification (left to implementation).

in jackrabbit 2.0 this affects the following parts of the API

- namespace registration
- node type registration
- workspace creation/removal

based on a issue reported by david ("currently an anonymous user can write the namespace registry
which is probably
undesirable [...]"), we could at least add some minimal restrictions. In addition i would
like to take up this discussion
for jsr 333.

[1] https://jsr-283.dev.java.net/issues/show_bug.cgi?id=486

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message