[ 
https://issues.apache.org/jira/browse/JCR-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12984380#action_12984380
 ] 

Jukka Zitting commented on JCR-2867:
------------------------------------

My idea here is that you could use this mechanism to enforce high-level 
constraints like "no writes on GET". This is orthogonal to normal access rights 
and is typically hard to control otherwise when you're dealing with potentially 
buggy components that you don't have direct control over.

> Read-only session
> -----------------
>
>                 Key: JCR-2867
>                 URL: https://issues.apache.org/jira/browse/JCR-2867
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-core
>            Reporter: Jukka Zitting
>
> It would be nice to have a way to declare that a given JCR session will only 
> be used for reading, regardless of the access rights of the logged in user. 
> This would be useful for example in web applications that want to enforce 
> constraints like allowing no writes during processing of GET requests.
> This could be implemented for example as a per-session flag that could be set 
> through an extra parameter in the login() call, like this: 
> repository.login("workspace-name?readonly", credentials);
> Alternatively a security manager could be connected with a ThreadLocal 
> variable set for example by a servlet filter based on the current request 
> method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
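
The ThreadLocal alternative from the issue description, as an added example that is not Jackrabbit code and not from the reporter. `ReadOnlyGuard`, `runRequest` and `checkWrite` are hypothetical names, `runRequest` stands in for the servlet filter, and treating HEAD like GET is an assumption of this example.

```java
import java.util.Locale;
import java.util.Set;

// Added illustration: hypothetical class, not part of the Jackrabbit API.
public final class ReadOnlyGuard {
    // Request methods that must not write (HEAD is an assumption; the issue names GET).
    private static final Set<String> NO_WRITE_METHODS = Set.of("GET", "HEAD");

    // Per-thread flag, independent of the access rights of the logged-in user.
    private static final ThreadLocal<Boolean> READ_ONLY =
            ThreadLocal.withInitial(() -> Boolean.FALSE);

    /** What a servlet filter would do around chain.doFilter(request, response). */
    public static void runRequest(String httpMethod, Runnable handler) {
        boolean previous = READ_ONLY.get();
        READ_ONLY.set(NO_WRITE_METHODS.contains(httpMethod.toUpperCase(Locale.ROOT)));
        try {
            handler.run();
        } finally {
            // Container threads are pooled: always restore the flag so it
            // cannot leak into the next request served by this thread.
            READ_ONLY.set(previous);
        }
    }

    /** Hook the repository layer would call before any write operation. */
    public static void checkWrite(String operation) {
        if (READ_ONLY.get()) {
            throw new IllegalStateException(
                    "write blocked during read-only request: " + operation);
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for a buggy component that writes on every request.
        Runnable buggyComponent = () -> checkWrite("session.save()");

        runRequest("POST", buggyComponent); // the guard lets the write through
        System.out.println("POST: write permitted");
        try {
            runRequest("GET", buggyComponent);
        } catch (IllegalStateException e) {
            System.out.println("GET: " + e.getMessage());
        }
        runRequest("POST", buggyComponent); // flag was restored after the GET
        System.out.println("POST after GET: write permitted");
    }
}
```

A ThreadLocal flag does not follow work handed to other threads, so a component that writes from its own executor would bypass this check; the per-session flag proposed in the issue does not have that gap.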
