manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Muhammed Olgun (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-1232) Add security support on CMIS Repository Connector
Date Wed, 26 Aug 2015 12:41:46 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-1232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14713042#comment-14713042
] 

Muhammed Olgun commented on CONNECTORS-1232:
--------------------------------------------

Ok I made some research. This patch is working for my CMIS implementation but other CMIS implementations
could not be compatible with this patch. Because we cannot see deny ACLs for all CMIS implementations.

For example,

Lets assume that we have a document which has an ACL which has an allow group principal and
a deny user principal,
This user belongs to this group but should not see the document because he is denied,
Even if we get user access tokens with cmis:item type, we can not check that this user denied
via CMIS for this document

This leads a lack of security. I will try to find another solution.


> Add security support on CMIS Repository Connector
> -------------------------------------------------
>
>                 Key: CONNECTORS-1232
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1232
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: CMIS connector
>            Reporter: Muhammed Olgun
>            Assignee: Muhammed Olgun
>            Priority: Minor
>             Fix For: ManifoldCF 2.3
>
>         Attachments: CONNECTORS-1232.patch
>
>
> I realized that CMIS repository connector doesn't add ACL's to RepositoryDocument. 
> This patch gets allow and deny permissions from specification page (permissions must
be comma separated). If CMIS repository supports ACL then it includes principals to RepositoryDocument.
> I'll attach a patch. I ran my tests but a review would be great.
> Thanks!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message