You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2009/11/20 14:11:39 UTC

[jira] Created: (JCR-2399) Enable protected security importers by default

Enable protected security importers by default
----------------------------------------------

                 Key: JCR-2399
                 URL: https://issues.apache.org/jira/browse/JCR-2399
             Project: Jackrabbit Content Repository
          Issue Type: Wish
          Components: jackrabbit-core
    Affects Versions: 2.0-beta1
            Reporter: Tobias Bocanegra


We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
enabled when the respective config is set:

<Import>
  <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
  <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
    <param name="importBehavior" value="besteffort"/>
  </ProtectedPropertyImporter>
</Import>

i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:

<Import>
  <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
  <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
</Import>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JCR-2399) Enable protected security importers by default

Posted by "Tobias Bocanegra (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12780551#action_12780551 ] 

Tobias Bocanegra commented on JCR-2399:
---------------------------------------

it's all about first experience. if you want to export/import users or acls and it does not work right away, and give you some weird errors, like "jcr:principalName" is mandatory, then you pretty lost. and you dig deep in mails and docs to find the right solution.

better make things work smoothly per default and offer the configuration to change and/or harden it.


> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JCR-2399) Enable protected security importers by default

Posted by "Tobias Bocanegra (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tobias Bocanegra updated JCR-2399:
----------------------------------

    Status: Patch Available  (was: Open)

patch is attached.

> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JCR-2399) Enable protected security importers by default

Posted by "angela (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12781844#action_12781844 ] 

angela commented on JCR-2399:
-----------------------------

> but why not making our life easier?

I'm not convinced that this change would make our life any easier. this import extensions is just one piece
from a whole bunch of additional configuration and functionality extensions we need at Day in order to work 
around self made problems... and I don't think we should discuss those in the public, shouldn't we?

> btw: whatever the default is, an import should not leave the transient space in a weird state, like the 
> missing jcr:principalName properties after a user import.

that's the consequence of the compromise I agreed on, although I already wished several time I hadn't. the user nodes were protected in the past for good reasons and there was no wired state whatsoever if I hadn't agreed to relax that restriction for Day specific needs. 

> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JCR-2399) Enable protected security importers by default

Posted by "Stefan Guggisberg (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12780546#action_12780546 ] 

Stefan Guggisberg commented on JCR-2399:
----------------------------------------

> i think we should enable them by default,  i.e. for an empty config.

why?  if someone wants to enable them, they can still do so. 


> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JCR-2399) Enable protected security importers by default

Posted by "Tobias Bocanegra (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12780746#action_12780746 ] 

Tobias Bocanegra commented on JCR-2399:
---------------------------------------

but why not making our life easier? it's about system view export and import. and until now, we could import nodes with uuids (protected) and version information (protected). so that content was more-or-less roundtrippable with the default configuration.

now with the ACL in the content, it would not be roundtrippable anymore and i have to figure out what weird config (weird, from an end user perspective) i have to tweak to get my import running?

what do we loose if we make the expected behavior the default one?

> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Issue Comment Edited: (JCR-2399) Enable protected security importers by default

Posted by "angela (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12781844#action_12781844 ] 

angela edited comment on JCR-2399 at 11/24/09 9:56 AM:
-------------------------------------------------------

> but why not making our life easier?

I'm not convinced that this change would make our life any easier. this import extensions is just one piece
from a whole bunch of additional configuration and functionality extensions we need at Day in order to work 
around self made problems... and I don't think we should discuss those in the public, should we?

> btw: whatever the default is, an import should not leave the transient space in a weird state, like the 
> missing jcr:principalName properties after a user import.

that's the consequence of the compromise I agreed on, although I already wished several time I hadn't. the user nodes were protected in the past for good reasons and there was no wired state whatsoever if I hadn't agreed to relax that restriction for Day specific needs. 

      was (Author: anchela):
    > but why not making our life easier?

I'm not convinced that this change would make our life any easier. this import extensions is just one piece
from a whole bunch of additional configuration and functionality extensions we need at Day in order to work 
around self made problems... and I don't think we should discuss those in the public, shouldn't we?

> btw: whatever the default is, an import should not leave the transient space in a weird state, like the 
> missing jcr:principalName properties after a user import.

that's the consequence of the compromise I agreed on, although I already wished several time I hadn't. the user nodes were protected in the past for good reasons and there was no wired state whatsoever if I hadn't agreed to relax that restriction for Day specific needs. 
  
> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JCR-2399) Enable protected security importers by default

Posted by "angela (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12780612#action_12780612 ] 

angela commented on JCR-2399:
-----------------------------

i deliberately didn't set the protected-item-importers as default behavior in order to keep it the way it
always was in jackrabbit: protected items are ignored upon session/workspace import xml.

that's way the default is called default btw... the extra stuff should be in addition. and i considered import
of protected items to be the addition....

> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JCR-2399) Enable protected security importers by default

Posted by "Tobias Bocanegra (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tobias Bocanegra updated JCR-2399:
----------------------------------

    Attachment: default_importers.r882540.patch

patch that fixes this issue

> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JCR-2399) Enable protected security importers by default

Posted by "Tobias Bocanegra (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-2399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12781432#action_12781432 ] 

Tobias Bocanegra commented on JCR-2399:
---------------------------------------

btw: whatever the default is, an import should not leave the transient space in a weird state, like the missing jcr:principalName properties after a user import.

> Enable protected security importers by default
> ----------------------------------------------
>
>                 Key: JCR-2399
>                 URL: https://issues.apache.org/jira/browse/JCR-2399
>             Project: Jackrabbit Content Repository
>          Issue Type: Wish
>          Components: jackrabbit-core
>    Affects Versions: 2.0-beta1
>            Reporter: Tobias Bocanegra
>         Attachments: default_importers.r882540.patch
>
>
> We added those cool protected property and node importers for enabling sysview import of users,groupd and acls. unfortunately, they are only
> enabled when the respective config is set:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
>     <param name="importBehavior" value="besteffort"/>
>   </ProtectedPropertyImporter>
> </Import>
> i think we should enable them by default, i.e. for an empty config. if someone wants to disable them, they can still reference the default importers:
> <Import>
>   <ProtectedNodeImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedNodeImporter"/>
>   <ProtectedPropertyImporter class="org.apache.jackrabbit.core.xml.DefaultProtectedPropertyImporter" />
> </Import>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.