This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new cc96de6 Add security warning for Implementations
cc96de6 is described below
commit cc96de6c37163b258040a04ed4b01a2ed81cdb46
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Tue Jun 16 14:15:00 2020 +0200
Add security warning for Implementations
---
.../asciidoc/reference-guide/concepts/implementations.adoc | 13 ++++++++++++-
.../workingwithapachesyncope/customization.adoc | 3 ++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/main/asciidoc/reference-guide/concepts/implementations.adoc
b/src/main/asciidoc/reference-guide/concepts/implementations.adoc
index 8070284..76a502b 100644
--- a/src/main/asciidoc/reference-guide/concepts/implementations.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/implementations.adoc
@@ -25,4 +25,15 @@ Starting with Apache Syncope 2.1, it is possible to provide
implementations suit
. http://www.groovy-lang.org/[Apache Groovy^] classes
While the former shows some advantages about execution performance, the latter
is extremely useful as it allows for
-runtime updates, freeing from the hassle to redeploy when something needs to
be changed.
\ No newline at end of file
+runtime updates, freeing from the hassle to redeploy when something needs to
be changed.
+
+[WARNING]
+.With great power comes great responsibility
+====
+Customizing and extending the Core behavior by uploading a Groovy class via
REST adds further flexibility to the
+platform, allows to speed up the development cycle and can be used as Swiss
army knife for maintenance and
+administration.
+
+Please beware that granting the permission to manage Implementations to
non-admin users can result in security threat,
+as there is virtually no limitation in what the Groovy code has access to.
+====
diff --git
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
index c349e81..737998c 100644
---
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
+++
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
@@ -209,7 +209,8 @@ implementations, their package *must* be rooted under
`org.apache.syncope.core`,
at runtime.
Besides replacing existing classes as explained <<override-behavior,above>>,
new <<implementations,implementations>> can
-be provided - under `core/src/main/java` if Java - for the following
components:
+be provided - in the source tree under `core/src/main/java` when Java or via
REST services if Groovy - for the following
+components:
* <<propagationactions,propagation>>, <<pushactions,push>>,
<<pullactions,pull>> and <<logicactions,logic>> actions
* <<push-correlation-rules,push>> / <<pull-correlation-rules,pull>>
correlation rules
