[
https://issues.apache.org/jira/browse/JCR-2748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12920348#action_12920348
]
Justin Edelson commented on JCR-2748:
-------------------------------------
thanks Angela
> provide a (relatively) simple way to disable anonymous access to the security
> workspace
> ---------------------------------------------------------------------------------------
>
> Key: JCR-2748
> URL: https://issues.apache.org/jira/browse/JCR-2748
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core, security
> Reporter: Justin Edelson
> Fix For: 2.2.0
>
> Attachments: JCR-2748-take2.patch, JCR-2748.patch
>
>
> As discussed in this thread:
> http://sling.markmail.org/thread/st52jejjuxykfxtj, the security workspace is,
> by default, configured with an AccessControlProvider which provides a fixed
> access control policy (i.e.
> o.a.j.core.security.user.UserAccessControlProvider). In order to prevent
> anonymous access to security-related nodes requires the use of an alternate
> AccessControlProvider.
> The attached patch provides a simpler mechanism. By adding
> <param name="anonymousAccessToSecurityWorkspace" value="false" />
> to the configuration of the DefaultSecurityManager, anonymous access to the
> security workspace is forbidden.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
