[
https://issues.apache.org/jira/browse/JCR-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12984363#action_12984363
]
Jukka Zitting commented on JCR-2867:
------------------------------------
Good point about a credentials attribute! It's much better than my idea.
Re: anonymous user; You might still want this session to have read access to
content that may otherwise be protected.
> Read-only session
> -----------------
>
> Key: JCR-2867
> URL: https://issues.apache.org/jira/browse/JCR-2867
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core
> Reporter: Jukka Zitting
>
> It would be nice to have a way to declare that a given JCR session will only
> be used for reading, regardless of the access rights of the logged in user.
> This would be useful for example in web applications that want to enforce
> constraints like allowing no writes during processing of GET requests.
> This could be implemented for example as a per-session flag that could be set
> through an extra parameter in the login() call, like this:
> repository.login("workspace-name?readonly", credentials);
> Alternatively a security manager could be connected with a ThreadLocal
> variable set for example by a servlet filter based on the current request
> method.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
