You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Marius Petria (JIRA)" <ji...@apache.org> on 2014/03/05 17:19:42 UTC
[jira] [Updated] (SLING-3435) ResourceAccessSecurity does not
secure access for update operations
[ https://issues.apache.org/jira/browse/SLING-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marius Petria updated SLING-3435:
---------------------------------
Attachment: SLING-3435.patch
I modified to ResourceAccessSecurityImpl to check the gates registered for update operations and return a resource wrapper that cannot be adapted to ModifiableValueMap.
Also, I added ModifiableResourceAccessGateFactory which checks a node for all jcr permissions in order to authorize CRUD operations on a resourceprovider.
> ResourceAccessSecurity does not secure access for update operations
> -------------------------------------------------------------------
>
> Key: SLING-3435
> URL: https://issues.apache.org/jira/browse/SLING-3435
> Project: Sling
> Issue Type: Bug
> Components: ResourceResolver
> Reporter: Marius Petria
> Attachments: SLING-3435.patch
>
>
> ResourceAccessSecurity should use gates registered for update operations in order to secure access to modifiable value maps.
--
This message was sent by Atlassian JIRA
(v6.2#6252)