provide a (relatively) simple way to disable anonymous access to the security
workspace
---------------------------------------------------------------------------------------
Key: JCR-2748
URL: https://issues.apache.org/jira/browse/JCR-2748
Project: Jackrabbit Content Repository
Issue Type: Improvement
Components: jackrabbit-core, security
Reporter: Justin Edelson
As discussed in this thread: http://sling.markmail.org/thread/st52jejjuxykfxtj,
the security workspace is, by default, configured with an AccessControlProvider
which provides a fixed access control policy (i.e.
o.a.j.core.security.user.UserAccessControlProvider). Preventing
anonymous access to security-related nodes requires the use of an alternate
AccessControlProvider.
The attached patch provides a simpler mechanism. By adding
<param name="anonymousAccessToSecurityWorkspace" value="false" />
to the configuration of the DefaultSecurityManager, anonymous access to the
security workspace is forbidden.
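An added example, not part of the issue or the attached patch: a small audit that reads a repository.xml and reports whether the parameter described above is set on the DefaultSecurityManager. The function name `audit_security_workspace`, the sample configurations, and the treatment of a missing parameter as "allowed" (the default behaviour the issue describes) are assumptions, as is the case-insensitive reading of the value.

```python
import xml.etree.ElementTree as ET

PARAM = "anonymousAccessToSecurityWorkspace"  # parameter name from the issue text
DEFAULT_SM = "org.apache.jackrabbit.core.DefaultSecurityManager"

# Constructed, trimmed repository.xml samples (not taken from a real deployment).
DEFAULT_CFG = """<Repository><Security appName="Jackrabbit">
  <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"
                   workspaceName="security"/>
</Security></Repository>"""

HARDENED_CFG = """<Repository><Security appName="Jackrabbit">
  <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"
                   workspaceName="security">
    <param name="anonymousAccessToSecurityWorkspace" value="false" />
  </SecurityManager>
</Security></Repository>"""

# The param sits under LoginModule, so the security manager never sees it.
MISPLACED_CFG = """<Repository><Security appName="Jackrabbit">
  <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"
                   workspaceName="security"/>
  <LoginModule class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
    <param name="anonymousAccessToSecurityWorkspace" value="false" />
  </LoginModule>
</Security></Repository>"""

def audit_security_workspace(xml_text):
    """Return 'forbidden', 'allowed' or 'unknown' for anonymous access."""
    root = ET.fromstring(xml_text)
    sm = root.find("./Security/SecurityManager")
    # A custom security manager may ignore the parameter entirely.
    if sm is None or sm.get("class") != DEFAULT_SM:
        return "unknown"
    # Only direct <param> children of <SecurityManager> configure it.
    values = [p.get("value", "") for p in sm.findall("param")
              if p.get("name") == PARAM]
    if not values:
        return "allowed"      # default: fixed policy, anonymous access not blocked
    if len(values) > 1:
        return "unknown"      # duplicate entries: effective value is ambiguous
    value = values[0].strip().lower()
    return {"false": "forbidden", "true": "allowed"}.get(value, "unknown")

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_CFG), ("hardened", HARDENED_CFG),
                      ("misplaced", MISPLACED_CFG)]:
        print(name, audit_security_workspace(cfg))
```

The result only reflects the configuration file; the parameter has an effect only on a build that includes the attached patch.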