Hi, IMHO the changes to the AuthorizableImpl in JR 1.6 are problematic This relates to the following set of properties.
rep:principalName rep:userId rep:referees rep:groups rep:impersonators rep:password Prior to 1.6 a request curl http://admin:ad...@localhost:8080/system/userManager/user/admin.json gave something like { rep:userId : admin rep:principalName: admin .... } rep:password might have been there and should not have been, however now curl http://admin:ad...@localhost:8080/system/userManager/user/admin.json gives {} There is no way of doing anything useful with this response, other than deducing from the URL that the userid probably was admin and the principalName might have been admin. ------------------------------------ 2 questions. 1. Would it be acceptable to add some of these properties back into the AuthorizableValueMap so that the response become useful ? eg rep:principalName rep:userId rep:referees rep:groups rep:impersonators 2. Is there any chance that JR is going to distinguish between read-deny and read-only properties on authorizables ? Ian
