dev  

Re: svn commit: r902726 - in /jackrabbit/sandbox/jackrabbit2-bundle/jackrabbit-api: ./ pom.xml src/main/java/org/apache/jackrabbit/api/JackrabbitRepository.java

Felix Meschberger
Mon, 25 Jan 2010 06:25:27 -0800

Hi,

On 25.01.2010 15:02, Jukka Zitting wrote:
> Hi,
> 
> On Mon, Jan 25, 2010 at 9:45 AM,  <fmesc...@apache.org> wrote:
>> +    Session loginAdministrative(String workspace) throws LoginException,
>> +            NoSuchWorkspaceException, RepositoryException;
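
Review bot: loginAdministrative(String workspace) takes only a workspace name, with no Credentials or other caller-identifying argument, so nothing in this signature lets an implementation decide which callers may obtain the returned Session, and the added lines carry no Javadoc. Suggest either accepting a credentials argument or documenting on the method which callers are expected to use it and how access to it is restricted.
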
> 
> I quite dislike this method, as it essentially gives all clients the
> ability to access the repository as administrators. There's no way for
> the repository implementation to verify that the client is doing the
> right thing.
> 
> I'd rather see such functionality exposed through normal credentials
> with some shared secret, or alternatively through the
> RepositoryManager interface for which we already solved the
> "administrator-only" access problem.

Please excuse my ignorance: What RepositoryManager interface are you
talking of? The one I find in
org.apache.jackrabbit.api.management.RepositoryManager and its
implementation o.a.j.core.RepositoryManagerImpl do not seem to "solve"
this issue.

Actually: the JackrabbitRepository.shutdown() method is also very
dangerous and does not require any level of protection. Or am I missing
something?

Regards
Felix