You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Marius Petria (JIRA)" <ji...@apache.org> on 2014/03/05 17:19:42 UTC

[jira] [Updated] (SLING-3435) ResourceAccessSecurity does not secure access for update operations

     [ https://issues.apache.org/jira/browse/SLING-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marius Petria updated SLING-3435:
---------------------------------

    Attachment: SLING-3435.patch

I modified to ResourceAccessSecurityImpl to check the gates registered for update operations and return a resource wrapper that cannot be adapted to ModifiableValueMap.

Also, I added ModifiableResourceAccessGateFactory which checks a node for all jcr permissions in order to authorize CRUD operations on a resourceprovider.

> ResourceAccessSecurity does not secure access for update operations
> -------------------------------------------------------------------
>
>                 Key: SLING-3435
>                 URL: https://issues.apache.org/jira/browse/SLING-3435
>             Project: Sling
>          Issue Type: Bug
>          Components: ResourceResolver
>            Reporter: Marius Petria
>         Attachments: SLING-3435.patch
>
>
> ResourceAccessSecurity should use gates registered for update operations in order to secure access to modifiable value maps.



--
This message was sent by Atlassian JIRA
(v6.2#6252)