[
https://issues.apache.org/jira/browse/SLING-11678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17634762#comment-17634762
]
Carsten Ziegeler commented on SLING-11678:
------------------------------------------
The answer is easy, back then no OSGi Http Whiteboard existed; a dependency to
the web console does not make sense as this has nothing to do with the
webconsole.
Today the OSGi Http Whiteboard could be used and we could simply associate it
with the Sling context which supports authentication
> Protect the Tooling Support Install servlet
> -------------------------------------------
>
> Key: SLING-11678
> URL: https://issues.apache.org/jira/browse/SLING-11678
> Project: Sling
> Issue Type: Improvement
> Reporter: Konrad Windszus
> Priority: Major
>
> Currently the endpoint provided by Tooling Support Endpoint doesn't require
> authentication so every anonymous user can install arbitrary bundles.
> I would suggest to migrate the endpoint to a [web console
> plugin|https://felix.apache.org/documentation/subprojects/apache-felix-web-console/extending-the-apache-felix-web-console/providing-web-console-plugins.html]
> to benefit from its built in authentication.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
