You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2010/11/16 10:51:14 UTC
[jira] Updated: (JCR-2774) Access control for repository level API
operations
[ https://issues.apache.org/jira/browse/JCR-2774?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated JCR-2774:
------------------------
Component/s: security
> Access control for repository level API operations
> --------------------------------------------------
>
> Key: JCR-2774
> URL: https://issues.apache.org/jira/browse/JCR-2774
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
>
> it is a open issue (i guess since jackrabbit 1.0) that the repository level write operations lack any kind of permission check.
> this issues has been raised during specification of jsr 283 [1] but didn't made it into the specification (left to implementation).
> in jackrabbit 2.0 this affects the following parts of the API
> - namespace registration
> - node type registration
> - workspace creation/removal
> based on a issue reported by david ("currently an anonymous user can write the namespace registry which is probably
> undesirable [...]"), we could at least add some minimal restrictions. In addition i would like to take up this discussion
> for jsr 333.
> [1] https://jsr-283.dev.java.net/issues/show_bug.cgi?id=486
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.