jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Klimetschek (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2867) Read-only session
Date Thu, 20 Jan 2011 19:54:43 GMT

    [ https://issues.apache.org/jira/browse/JCR-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12984360#action_12984360

Alexander Klimetschek commented on JCR-2867:

Aren't you supposed to use a read-only user in that case? Like anonymous?

> Read-only session
> -----------------
>                 Key: JCR-2867
>                 URL: https://issues.apache.org/jira/browse/JCR-2867
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-core
>            Reporter: Jukka Zitting
> It would be nice to have a way to declare that a given JCR session will only be used
for reading, regardless of the access rights of the logged in user. This would be useful for
example in web applications that want to enforce constraints like allowing no writes during
processing of GET requests.
> This could be implemented for example as a per-session flag that could be set through
an extra parameter in the login() call, like this: repository.login("workspace-name?readonly",
> Alternatively a security manager could be connected with a ThreadLocal variable set for
example by a servlet filter based on the current request method.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message