You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2013/09/24 11:04:05 UTC

[jira] [Resolved] (OAK-1016) Anonymous session doesn't see node added by admin

     [ https://issues.apache.org/jira/browse/OAK-1016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela resolved OAK-1016.
-------------------------

    Resolution: Not A Problem

jackrabbit used to have a configuration option that sets up full read permission for everyone on the whole repository (which by default was turned on). while this might be handy it's actually a security issue because the default setup should not grant read access to everybody. therefore i decided to drop that configuration option for oak.

if you want to have this for your tests, your setup should grant jcr:read on the root node in your test setup. something like:

{code}
AccessControlUtils.addAccessControlEntry(admin, "/", EveryonePrincipal.getInstance(), privilegesFromName(Privilege.JCR_READ), true);
        admin.save();
{code}
                
> Anonymous session doesn't see node added by admin
> -------------------------------------------------
>
>                 Key: OAK-1016
>                 URL: https://issues.apache.org/jira/browse/OAK-1016
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: jcr
>    Affects Versions: 0.8
>            Reporter: Bertrand Delacretaz
>            Priority: Minor
>         Attachments: oak-jcr-anonymous.patch
>
>
> I'll attach a patch that demonstrates this, and I'm seeing the same problem in SLING-3063

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira