You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by Nicolas Peltier <np...@apache.org> on 2020/08/06 14:00:03 UTC

[security] new use case for a checkPermission API

Hey,

discussing around pipes [0], we agreed that we would need to check that
current resolver has certain privileges in addition to what it already
"sees" as a resolver (either direct check on the authorizable, either
indirect against configured resources). Bertrand chimed in pointing out to
old discussions about it [1] & [2] , and suggestion to create new
module/api.
If i read the thread correctly, some people are opposed to it, but we have
if i count correctly at least 2 legit usages of this (clam & pipes), which
is enough for legitimizing an API, right?
wdyt?

Nicolas

[0] https://issues.apache.org/jira/browse/SLING-9556
[1]
https://lists.apache.org/thread.html/e949e6328729e493ec0028642173228933ebf6d9b322da5aa0dd64d3%40%3Cdev.sling.apache.org%3E
[2]
https://lists.apache.org/thread.html/72475f31d9dda5128528d67f491468b081c958e9c3b93924de633c3e%40%3Cdev.sling.apache.org%3E

Re: [security] new use case for a checkPermission API

Posted by Nicolas Peltier <pe...@gmail.com>.

here you are [3], it is not merged in as it still break some unit tests
right now

[3]
https://github.com/npeltier/sling-org-apache-sling-pipes/commit/72d0c2bed3d7a7e31de6e4d6a90b815837ab0009#diff-3e9bcd2a44e6dc255a6d8c3cc17adddaR164-R171

Le ven. 7 août 2020 à 10:50, Nicolas Peltier <pe...@gmail.com> a
écrit :

> i was planning to make the API internal for 4.0, and use the outside one
> later, so no change to the API surface.
>
> Le ven. 7 août 2020 à 10:41, Oliver Lietz <ap...@oliverlietz.de> a
> écrit :
>
>> On Friday, August 7, 2020 9:15:10 AM CEST Bertrand Delacretaz wrote:
>> > On Fri, Aug 7, 2020 at 9:14 AM Nicolas Peltier
>> >
>> > <np...@adobe.com.invalid> wrote:
>> > > ...Assuming we are good to go, should I use an internal API for now in
>> > > pipes, and we discuss around moving it to a bundle later?...
>> >
>> > I think that's a good starting point.
>>
>> Nicolas, are you in hurry to get Pipes 4.0 out soon? I guess adding and
>> switching the check requires (again) a major version.
>>
>> Regards,
>> O.
>>
>>
>> > -Bertrand
>>
>>
>>
>>
>>

Re: [security] new use case for a checkPermission API

Posted by Nicolas Peltier <pe...@gmail.com>.

i was planning to make the API internal for 4.0, and use the outside one
later, so no change to the API surface.

Le ven. 7 août 2020 à 10:41, Oliver Lietz <ap...@oliverlietz.de> a écrit :

> On Friday, August 7, 2020 9:15:10 AM CEST Bertrand Delacretaz wrote:
> > On Fri, Aug 7, 2020 at 9:14 AM Nicolas Peltier
> >
> > <np...@adobe.com.invalid> wrote:
> > > ...Assuming we are good to go, should I use an internal API for now in
> > > pipes, and we discuss around moving it to a bundle later?...
> >
> > I think that's a good starting point.
>
> Nicolas, are you in hurry to get Pipes 4.0 out soon? I guess adding and
> switching the check requires (again) a major version.
>
> Regards,
> O.
>
>
> > -Bertrand
>
>
>
>
>

Re: [security] new use case for a checkPermission API

Posted by Oliver Lietz <ap...@oliverlietz.de>.

On Friday, August 7, 2020 9:15:10 AM CEST Bertrand Delacretaz wrote:
> On Fri, Aug 7, 2020 at 9:14 AM Nicolas Peltier
> 
> <np...@adobe.com.invalid> wrote:
> > ...Assuming we are good to go, should I use an internal API for now in
> > pipes, and we discuss around moving it to a bundle later?...
> 
> I think that's a good starting point.

Nicolas, are you in hurry to get Pipes 4.0 out soon? I guess adding and 
switching the check requires (again) a major version.

Regards,
O.


> -Bertrand

Re: [security] new use case for a checkPermission API

Posted by Bertrand Delacretaz <bd...@apache.org>.

On Fri, Aug 7, 2020 at 9:14 AM Nicolas Peltier
<np...@adobe.com.invalid> wrote:
>
> ...Assuming we are good to go, should I use an internal API for now in pipes,
> and we discuss around moving it to a bundle later?...

I think that's a good starting point.

-Bertrand

Re: [security] new use case for a checkPermission API

Posted by Nicolas Peltier <np...@adobe.com.INVALID>.

Assuming we are good to go, should I use an internal API for now in pipes, and we discuss around moving it to a bundle later?

Nicolas

On 06/08/2020 16:48, "Bertrand Delacretaz" <bd...@apache.org> wrote:

    Hi,

    On Thu, Aug 6, 2020 at 4:00 PM Nicolas Peltier <np...@apache.org> wrote:
    > ...we have
    > if i count correctly at least 2 legit usages of this (clam & pipes), which
    > is enough for legitimizing an API, right?...

    I think so, and there's been several cases already where permissions
    on arbitrary-named operations (like "execute Sling Pipes via HTTP" in
    your case) can help.

    -Bertrand

    > [0] https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FSLING-9556&amp;data=02%7C01%7Cnpeltier%40adobe.com%7Cc143de6b45d0412dcc4008d83a17d753%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637323221356938169&amp;sdata=E2lDv0O8Eu6kttRvm2JzIwuLgFsOTcqnlqmRQL7zQsE%3D&amp;reserved=0
    > [1]
    > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.apache.org%2Fthread.html%2Fe949e6328729e493ec0028642173228933ebf6d9b322da5aa0dd64d3%2540%253Cdev.sling.apache.org%253E&amp;data=02%7C01%7Cnpeltier%40adobe.com%7Cc143de6b45d0412dcc4008d83a17d753%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637323221356938169&amp;sdata=TvhmI0anfsb%2FmaN8EInCNHDNLDgWLHdCAuiDgGQnSEE%3D&amp;reserved=0
    > [2]
    > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.apache.org%2Fthread.html%2F72475f31d9dda5128528d67f491468b081c958e9c3b93924de633c3e%2540%253Cdev.sling.apache.org%253E&amp;data=02%7C01%7Cnpeltier%40adobe.com%7Cc143de6b45d0412dcc4008d83a17d753%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637323221356938169&amp;sdata=ly%2B6r%2Bry60bxEZRcoX2VLJWqnuVRDm5Zjha6yUKcTbM%3D&amp;reserved=0

Re: [security] new use case for a checkPermission API

Posted by Bertrand Delacretaz <bd...@apache.org>.

Hi,

On Thu, Aug 6, 2020 at 4:00 PM Nicolas Peltier <np...@apache.org> wrote:
> ...we have
> if i count correctly at least 2 legit usages of this (clam & pipes), which
> is enough for legitimizing an API, right?...

I think so, and there's been several cases already where permissions
on arbitrary-named operations (like "execute Sling Pipes via HTTP" in
your case) can help.

-Bertrand

> [0] https://issues.apache.org/jira/browse/SLING-9556
> [1]
> https://lists.apache.org/thread.html/e949e6328729e493ec0028642173228933ebf6d9b322da5aa0dd64d3%40%3Cdev.sling.apache.org%3E
> [2]
> https://lists.apache.org/thread.html/72475f31d9dda5128528d67f491468b081c958e9c3b93924de633c3e%40%3Cdev.sling.apache.org%3E