jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Edelson (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2748) provide a (relatively) simple way to disable anonymous access to the security workspace
Date Tue, 12 Oct 2010 21:08:33 GMT

    [ https://issues.apache.org/jira/browse/JCR-2748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12920348#action_12920348
] 

Justin Edelson commented on JCR-2748:
-------------------------------------

thanks Angela

> provide a (relatively) simple way to disable anonymous access to the security workspace
> ---------------------------------------------------------------------------------------
>
>                 Key: JCR-2748
>                 URL: https://issues.apache.org/jira/browse/JCR-2748
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core, security
>            Reporter: Justin Edelson
>             Fix For: 2.2.0
>
>         Attachments: JCR-2748-take2.patch, JCR-2748.patch
>
>
> As discussed in this thread: http://sling.markmail.org/thread/st52jejjuxykfxtj, the security
workspace is, by default, configured with an AccessControlProvider which provides a fixed
access control policy (i.e. o.a.j.core.security.user.UserAccessControlProvider). In order
to prevent anonymous access to security-related nodes requires the use of an alternate AccessControlProvider.
> The attached patch provides a simpler mechanism. By adding
> <param name="anonymousAccessToSecurityWorkspace" value="false" />
> to the configuration of the DefaultSecurityManager, anonymous access to the security
workspace is forbidden.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message