You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2010/10/12 17:40:34 UTC
[jira] Resolved: (JCR-2748) provide a (relatively) simple way to
disable anonymous access to the security workspace
[ https://issues.apache.org/jira/browse/JCR-2748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved JCR-2748.
-------------------------
Resolution: Fixed
Fix Version/s: 2.2.0
applied patch2 with minor modification: the default value of the anonymousAccess if not present with the configuration should be 'true' (some existing tests
therefore failed with the unmodified patch2)
> provide a (relatively) simple way to disable anonymous access to the security workspace
> ---------------------------------------------------------------------------------------
>
> Key: JCR-2748
> URL: https://issues.apache.org/jira/browse/JCR-2748
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core, security
> Reporter: Justin Edelson
> Fix For: 2.2.0
>
> Attachments: JCR-2748-take2.patch, JCR-2748.patch
>
>
> As discussed in this thread: http://sling.markmail.org/thread/st52jejjuxykfxtj, the security workspace is, by default, configured with an AccessControlProvider which provides a fixed access control policy (i.e. o.a.j.core.security.user.UserAccessControlProvider). In order to prevent anonymous access to security-related nodes requires the use of an alternate AccessControlProvider.
> The attached patch provides a simpler mechanism. By adding
> <param name="anonymousAccessToSecurityWorkspace" value="false" />
> to the configuration of the DefaultSecurityManager, anonymous access to the security workspace is forbidden.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.