This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 4fe5ded Documented: give some information on how to quickly override
security in content
4fe5ded is described below
commit 4fe5ded7fe6af78c27a9841c9a663ffb07bce500
Author: Jacques Le Roux <[email protected]>
AuthorDate: Thu Jul 22 12:33:12 2021 +0200
Documented: give some information on how to quickly override security in
content
---
applications/content/src/docs/asciidoc/content.adoc | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/applications/content/src/docs/asciidoc/content.adoc
b/applications/content/src/docs/asciidoc/content.adoc
index b4b2214..4ad0865 100644
--- a/applications/content/src/docs/asciidoc/content.adoc
+++ b/applications/content/src/docs/asciidoc/content.adoc
@@ -50,6 +50,19 @@ The ContentAssoc entity has a four part primary key and
other fields that are us
The key specifies the 'to' Content and the 'from' Content, as well as the type
of association and its effective date.
See the discussion of the ContentAssoc entity for more information on how
content is related.
+== Security
+All services defined in the content component are safely secured. If you are
in a safe environment, want to save more complex contents and get blocked by
the security policy you might want to override the security only in the content
component.
+
+Typically when using content/control/WebSiteCms?webSiteId=CmsSite (ie
"Edit[ing] WebSite CMS For: CMS Web Site [CmsSite]"), the service
updateTextContent may prevent you to save contents with a message like
+
+[WARNING]
+The Following Errors Occurred:
+In field [textData] by our input policy, your input has not been accepted for
security reason. Please check and modify accordingly, thanks.
+
+To override the security you can change definitions of other content services
by changing the security on field "textData" from "safe" to "any". That's of
course an example and you may find other similar cases.
+
+You may also prefer to change the security policy at an upper level. See
owasp.properties file.
+
== Major CMS entities
=== DataResource
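Review bot: The paragraph starting "To override the security you can change definitions of other content services" tells the reader to switch "textData" from "safe" to "any" without saying what is given up or where the setting lives. The error message quoted just above shows that "safe" is what applies the input policy to the field, so the text should say plainly that "any" stops that check for every caller of the changed service, not only for the CMS screen mentioned, and that the change should be limited to services whose callers are trusted content authors. "If you are in a safe environment" needs the same treatment: say what makes an environment safe enough (for example, only trusted back-office users can reach the content application). The wording "other content services" is also unclear, since updateTextContent is the service named as blocking the save; name the service definition file and the attribute that carries the "safe"/"any" value so the reader edits the right place. The closing pointer "See owasp.properties file" would be more useful with the file's path and the property that controls the policy. Minor wording: "ie" should be "i.e.", and "may prevent you to save contents" should be "may prevent you from saving content". The [WARNING] admonition is used here to quote an error message, so a literal or quote block would render it more faithfully.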