Hi, It is true that a wrapper is returned for read operations. However it seems that the support for updates is not done (see [1] and [2]).
There are two things that need to be fixed: 1. the ResourceAccessSecurityImpl.getReadableResource should return a resourcewrapper whenever the resource is adaptable to ModifiableMap 2. the resource wrapper should actually do the access checks as it currently does nothing Marius [1] https://github.com/apache/sling/search?q=AccessGateResourceWrapper [2] https://github.com/apache/sling/blob/f0b16cd1215f8492bd54a608945bebf7ef4b3f9c/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java#L103 > -----Original Message----- > From: Carsten Ziegeler [mailto:[email protected]] > Sent: Wednesday, March 05, 2014 2:48 PM > To: [email protected] > Subject: Re: ResourceAccessSecurity for ModifiableValueMaps is not yet > supported > > I think the idea of the implementation is, that the ResourceAccessSecurity > returns a resource wrapper for the resource which overwrites adaptTo and > then returns a wrapped map for the checks. > > But Mike probably knows more about it > > Carsten > > > 2014-03-05 11:47 GMT+01:00 Marius Petria <[email protected]>: > > > Hi, > > > > > > > > I am trying to secure access to a ModifiableResourceProvider using a > > ResourceAccessSecurityGate. Typically a modifiable resource holds a > > reference to its provider and calls it whenever a value is changed > > (see [1]). However this pattern goes arround the > > ResourceAccessSecurity checks which are done in the ProviderHandler (see > [2]). > > > > > > > > How should we support ModifiableResources for ResourceAccessSecurity > > checks? Ultimately I think we might need to expose an api for sending > > changes to a resourceprovider and have a utility wrapper (like the > > ProviderHandler) that enforces security on all methods. > > > > > > > > Marius > > > > > > > > > > > > > > > > [1] > > > https://github.com/apache/sling/blob/62b1ff1f8dcc9c4060b9f025ff915abb9 > > > 779780c/contrib/extensions/mongodb/src/main/java/org/apache/sling/mon > g > > odb/impl/ChangeableValueMap.java > > > > [2] > > > https://github.com/apache/sling/blob/838ec33748f6cb5eb21d9dd0d8106ade > c > > c001f97/bundles/resourceresolver/src/main/java/org/apache/sling/resour > > ceresolver/impl/tree/ProviderHandler.java > > > > > > > > > > > -- > Carsten Ziegeler > [email protected]
