[jira] [Updated] (SLING-3435) ResourceAccessSecurity does not secure access for update operations

Marius Petria (JIRA) Wed, 05 Mar 2014 08:20:09 -0800

     [ 
https://issues.apache.org/jira/browse/SLING-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Marius Petria updated SLING-3435:
---------------------------------

    Attachment: SLING-3435.patch

I modified to ResourceAccessSecurityImpl to check the gates registered for 
update operations and return a resource wrapper that cannot be adapted to 
ModifiableValueMap.

Also, I added ModifiableResourceAccessGateFactory which checks a node for all 
jcr permissions in order to authorize CRUD operations on a resourceprovider.

> ResourceAccessSecurity does not secure access for update operations
> -------------------------------------------------------------------
>
>                 Key: SLING-3435
>                 URL: https://issues.apache.org/jira/browse/SLING-3435
>             Project: Sling
>          Issue Type: Bug
>          Components: ResourceResolver
>            Reporter: Marius Petria
>         Attachments: SLING-3435.patch
>
>
> ResourceAccessSecurity should use gates registered for update operations in 
> order to secure access to modifiable value maps.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (SLING-3435) ResourceAccessSecurity does not secure access for update operations

Reply via email to