[
https://issues.apache.org/jira/browse/JCR-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12984290#action_12984290
]
angela commented on JCR-2867:
-----------------------------
> It would be nice to have a way to declare that a given JCR session ...
this would also be very useful for the SystemSessions. In many conditions they
are used for read-only access to
the repository but there is not way to enforce it... as long as a single
developer operates on the code and remembers
the original aim this works fine... but i would have wished many times, that i
could explicitly get a read-only system
session making sure that it really isn't used for writing.
> Read-only session
> -----------------
>
> Key: JCR-2867
> URL: https://issues.apache.org/jira/browse/JCR-2867
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core
> Reporter: Jukka Zitting
>
> It would be nice to have a way to declare that a given JCR session will only
> be used for reading, regardless of the access rights of the logged in user.
> This would be useful for example in web applications that want to enforce
> constraints like allowing no writes during processing of GET requests.
> This could be implemented for example as a per-session flag that could be set
> through an extra parameter in the login() call, like this:
> repository.login("workspace-name?readonly", credentials);
> Alternatively a security manager could be connected with a ThreadLocal
> variable set for example by a servlet filter based on the current request
> method.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
