jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-2774) Access control for repository level API operations
Date Thu, 11 Aug 2011 09:36:27 GMT

    [ https://issues.apache.org/jira/browse/JCR-2774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13083034#comment-13083034
] 

angela commented on JCR-2774:
-----------------------------

will add implementation following the specifications extensions added with issue #15 of JSR
333

> Access control for repository level API operations
> --------------------------------------------------
>
>                 Key: JCR-2774
>                 URL: https://issues.apache.org/jira/browse/JCR-2774
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: angela
>            Assignee: angela
>
> it is a open issue (i guess since jackrabbit 1.0) that the repository level write operations
lack any kind of permission check.
> this issues has been raised during specification of jsr 283 [1] but didn't made it into
the specification (left to implementation).
> in jackrabbit 2.0 this affects the following parts of the API
> - namespace registration
> - node type registration
> - workspace creation/removal
> based on a issue reported by david ("currently an anonymous user can write the namespace
registry which is probably
> undesirable [...]"), we could at least add some minimal restrictions. In addition i would
like to take up this discussion
> for jsr 333.
> [1] https://jsr-283.dev.java.net/issues/show_bug.cgi?id=486

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message