Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/07/22 12:00:55 UTC

[ofbiz-framework] branch trunk updated: Documented: give some information on how to quickly override security in content

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 4fe5ded  Documented: give some information on how to quickly override security in content
4fe5ded is described below

commit 4fe5ded7fe6af78c27a9841c9a663ffb07bce500
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Thu Jul 22 12:33:12 2021 +0200

    Documented: give some information on how to quickly override security in content
---
 applications/content/src/docs/asciidoc/content.adoc | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/applications/content/src/docs/asciidoc/content.adoc b/applications/content/src/docs/asciidoc/content.adoc
index b4b2214..4ad0865 100644
--- a/applications/content/src/docs/asciidoc/content.adoc
+++ b/applications/content/src/docs/asciidoc/content.adoc
@@ -50,6 +50,19 @@ The ContentAssoc entity has a four part primary key and other fields that are us
 The key specifies the 'to' Content and the 'from' Content, as well as the type of association and its effective date.
 See the discussion of the ContentAssoc entity for more information on how content is related.
 
+== Security
+All services defined in the content component are safely secured. If you are in a safe environment, want to save more complex contents and get blocked by the security policy you might want to override the security only in the content component.
+
+Typically when using content/control/WebSiteCms?webSiteId=CmsSite (ie "Edit[ing] WebSite CMS For: CMS Web Site [CmsSite]"), the service updateTextContent may prevent you to save contents with a message like
+
+[WARNING]
+The Following Errors Occurred:
+In field [textData] by our input policy, your input has not been accepted for security reason. Please check and modify accordingly, thanks.
+
+To override the security you can change definitions of other content services by changing the security on field "textData" from "safe" to "any". That's of course an example and you may find other similar cases. 
+
+You may also prefer to change the security policy at an upper level. See owasp.properties file.
+
 == Major CMS entities
 
 === DataResource
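Review bot: The paragraph starting "To override the security you can change definitions of other content services" tells readers to switch "textData" from "safe" to "any" without saying what is lost by doing so. It should state that the input policy which produced the quoted error no longer applies to that field, so whatever is submitted through those services is accepted as is. "If you are in a safe environment" should also be made concrete, for example by saying that only trusted users can reach WebSiteCms. The wording "other content services" is ambiguous, since updateTextContent is the only service named: list the services meant, and name the attribute and the service definition file where "safe" is set, so the override stays limited to what the reader intends. The closing pointer "See owasp.properties file" would be more useful with the file's path and the property to change, plus a note that a change at that level affects more than the content component. Minor: "ie" should be "i.e.", "prevent you to save" should be "prevent you from saving", and the line ending "similar cases. " carries a trailing space.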