jackrabbit-dev mailing list archives

From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2910) Please add JackrabbitSession.isAdmin()
Date Tue, 08 Mar 2011 15:11:59 GMT

    [ https://issues.apache.org/jira/browse/JCR-2910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13003987#comment-13003987 ]

Jukka Zitting commented on JCR-2910:
------------------------------------

> a lot of code

That's not a good reason to introduce flawed design. The issue description already outlines
two workarounds that currently work with three or just one line of code. They have similar
problems as the proposed isAdmin() method, but at least they don't require changes to public
API. As a longer term solution we should get rid of such sloppy administration features and
make them proper parts of the repository implementation.

What I'm trying to avoid here is encouraging client code like this:

    if (session.isAdmin()) {
        doSomethingThatOnlyAdminsAreAllowedToDo();
    }

It's too easy to accidentally or on purpose forget the isAdmin() call from above, in which
case you have an instant security issue.

The above code is perfectly fine within the implementation (and is also how our normal access
controls fundamentally work), but should not be used at the client level. To borrow the Unix
example, no Unix system allows a backup program to access all system data just on the assumption
that the program should first check the geteuid() return value.


> Please add JackrabbitSession.isAdmin()
> --------------------------------------
>
>                 Key: JCR-2910
>                 URL: https://issues.apache.org/jira/browse/JCR-2910
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Thomas Mueller
>            Priority: Minor
>
> Currently finding out if the session user is an admin requires:
> JackrabbitSession js = (JackrabbitSession) session;
> User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
> boolean isAdmin = user.isAdmin();
> Or: ((SessionImpl) session).isAdmin(). However casting to an implementation is problematic for several reasons.
> I think it would make sense to add isAdmin() to the JackrabbitSession interface, so the code above would be:
> ((JackrabbitSession) session).isAdmin()

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
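
The contrast drawn in the comment above, as an added example that is not part of the original message or of Jackrabbit: a toy repository in which one export method relies on the caller having tested isAdmin() and the other performs the check itself. All class and method names are hypothetical, the node data is constructed, and Java 16 or later is assumed.

```java
import java.util.Map;
import java.util.TreeMap;

// Toy repository with hypothetical names; this is not the Jackrabbit API.
public class EnforcementDemo {

    record Session(String userId, boolean admin) {
        boolean isAdmin() { return admin; }  // advisory only: nothing forces a caller to ask
    }

    static final class Repository {
        private final Map<String, String> nodes = new TreeMap<>();

        Repository() {
            // Constructed sample content.
            nodes.put("/content/page", "public text");
            nodes.put("/system/users/alice", "password hash (constructed)");
        }

        // Client-level model: the repository hands over everything and relies on
        // each caller having tested session.isAdmin() beforehand.
        Map<String, String> exportAllUnchecked() {
            return Map.copyOf(nodes);
        }

        // Implementation-level model: the check is part of the operation itself.
        Map<String, String> exportAll(Session session) {
            if (!session.isAdmin()) {
                throw new SecurityException("exportAll denied for " + session.userId());
            }
            return Map.copyOf(nodes);
        }
    }

    public static void main(String[] args) {
        Repository repo = new Repository();
        Session guest = new Session("guest", false);

        // A client that forgot the isAdmin() test: nothing stops the read.
        System.out.println("unchecked export: " + repo.exportAllUnchecked().keySet());

        // The same mistake against the enforcing method fails closed.
        try {
            repo.exportAll(guest);
        } catch (SecurityException e) {
            System.out.println("enforced export: " + e.getMessage());
        }
        Session admin = new Session("admin", true);
        System.out.println("admin export: " + repo.exportAll(admin).size() + " nodes");
    }
}
```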
