[
https://issues.apache.org/jira/browse/SLING-10070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Pauls resolved SLING-10070.
--------------------------------
Resolution: Fixed
> Option to enforce principal-based authorization
> -----------------------------------------------
>
> Key: SLING-10070
> URL: https://issues.apache.org/jira/browse/SLING-10070
> Project: Sling
> Issue Type: New Feature
> Components: Content-Package to Feature Model Converter
> Reporter: Angela Schreiber
> Assignee: Karl Pauls
> Priority: Major
> Fix For: Content-Package to Feature Model Converter 1.0.26
>
>
> while addressing SLING-9692 an configuration for enforcing principal-based
> authorization upon content package conversion was introduced. however,
> [~karlpauls] and myself discussed the impact of the forced migration and
> found that some additional verification might be needed:
> in the following cases the forced conversion to principal-based is needed
> - service-mapping in the format {{bundle.subservice=[userfromcontentpackage,
> built-in-with-principal-based-authorization]}} will require the
> _userfromcontentpackage_ to be installed with prinicipal-based ac setup if
> the built-in user no longer has resource-based ac setup defined
> in the following case however it is not desirable
> - service-mapping in the format {{bundle.subservice=userfromcontentpackage}}
> -> service login will resolve group membership (group principals not
> supported by principal-based authorization. see oak documentation and
> exercises for details)
> in the following cases it is not required but is likely beneficial given that
> ultimately all service user permissions should be defined with
> principal-based access control setup
> - service-mapping in the format
> {{bundle.subservice=[userfromcontentpackage]}}
> - service-mapping in the format {{bundle.subservice=[userfromcontentpackage,
> anotheruserfromcontentpackage]}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
