Posted to dev@jackrabbit.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2010/10/04 17:44:33 UTC
[jira] Updated: (JCR-2748) provide a (relatively) simple way to disable anonymous access to the security workspace
[ https://issues.apache.org/jira/browse/JCR-2748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Edelson updated JCR-2748:
--------------------------------
Attachment: JCR-2748-take2.patch
Updated patch which restricts the change to *only* be within UserAccessControlProvider.
> provide a (relatively) simple way to disable anonymous access to the security workspace
> ---------------------------------------------------------------------------------------
>
> Key: JCR-2748
> URL: https://issues.apache.org/jira/browse/JCR-2748
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core, security
> Reporter: Justin Edelson
> Attachments: JCR-2748-take2.patch, JCR-2748.patch
>
>
> As discussed in this thread: http://sling.markmail.org/thread/st52jejjuxykfxtj, the security workspace is, by default, configured with an AccessControlProvider which provides a fixed access control policy (i.e. o.a.j.core.security.user.UserAccessControlProvider). Preventing anonymous access to security-related nodes requires the use of an alternate AccessControlProvider.
> The attached patch provides a simpler mechanism. By adding
> <param name="anonymousAccessToSecurityWorkspace" value="false" />
> to the configuration of the DefaultSecurityManager, anonymous access to the security workspace is forbidden.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
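
A configuration check for the setting described in the issue, added here as an example (it is not part of the patch or of Jackrabbit). It assumes the parameter is read only from a direct `<param>` child of the DefaultSecurityManager's `<SecurityManager>` element in repository.xml and that only the literal value "false" disables anonymous access; the `audit` function and the sample fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Names from the issue text. Whether a build honours the parameter depends on
# the patch being applied (assumption), as does the exact-"false" matching.
PARAM = "anonymousAccessToSecurityWorkspace"
MANAGER = "org.apache.jackrabbit.core.DefaultSecurityManager"

# Constructed repository.xml fragments, trimmed to the <Security> section.
TEMPLATE = """<Repository><Security appName="Jackrabbit">
  <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"
                   workspaceName="security">{sm}</SecurityManager>
  <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager">{am}</AccessManager>
</Security></Repository>"""
SETTING = '<param name="anonymousAccessToSecurityWorkspace" value="false" />'
DEFAULT = TEMPLATE.format(sm="", am="")
HARDENED = TEMPLATE.format(sm=SETTING, am="")
MISPLACED = TEMPLATE.format(sm="", am=SETTING)


def audit(repository_xml):
    """Return a list of findings; empty means the setting is in effect."""
    root = ET.fromstring(repository_xml)
    findings = []
    managers = list(root.iter("SecurityManager"))
    if not managers:
        findings.append("no <SecurityManager> element")
    for mgr in managers:
        if mgr.get("class") != MANAGER:
            findings.append("SecurityManager is not DefaultSecurityManager")
            continue
        # Only direct <param> children configure the manager itself.
        values = [p.get("value") for p in mgr.findall("param")
                  if p.get("name") == PARAM]
        if not values:
            findings.append("param absent: anonymous access stays enabled")
        elif values != ["false"]:
            findings.append(f"param is {values!r}, expected a single 'false'")
    # The same <param> under any other element does not configure the manager.
    for parent in root.iter():
        if parent not in managers:
            for p in parent.findall("param"):
                if p.get("name") == PARAM:
                    findings.append(f"param under <{parent.tag}> has no effect")
    return findings


if __name__ == "__main__":
    for name in ("DEFAULT", "HARDENED", "MISPLACED"):
        print(name, audit(globals()[name]))
```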