[
https://issues.apache.org/jira/browse/SLING-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marius Petria updated SLING-3435:
---------------------------------
Attachment: SLING-3435.2.patch
I added also some integration tests. For that I moved the resourceaccesssecurity
bundle in a sub folder to be at the same level as integration tests. Please let
me know if the folder hierarchy is not good.
Things to have in mind:
1. The last two tests in SecuredJcrResourceProviderTest depend on SLING-3438
(they can be ignored until that one is applied)
2. AccessGateResourceWrapper protects against updates done to a
modifiablevaluemap. I added also an extra protection for accidental
modifications done via a valuemap or a map (which are base types for
modifiablevaluemap). This is not strictly necessary but without such a
mechanism security can easily be surpassed. However, any comments on how
this can be done better are highly welcomed.
> ResourceAccessSecurity does not secure access for update operations
> -------------------------------------------------------------------
>
> Key: SLING-3435
> URL: https://issues.apache.org/jira/browse/SLING-3435
> Project: Sling
> Issue Type: New Feature
> Components: ResourceResolver
> Reporter: Marius Petria
> Assignee: Mike Müller
> Attachments: SLING-3435.1.patch, SLING-3435.2.patch, SLING-3435.patch
>
>
> ResourceAccessSecurity should use gates registered for update operations in
> order to secure access to modifiable value maps.
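The concern in point 2 of the comment, shown as an added example that is not part of the original message or of the SLING-3435 patch: if the update gate is checked only when a modifiable view is requested, the read-oriented map must still be wrapped, otherwise a write through the base `Map` type reaches the same backing data. `Res`, `GatedRes`, `modifiableProps`, `readProps` and the sample path are hypothetical stand-ins built on `java.util` only, not Sling classes.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Predicate;

// Hypothetical stand-ins for illustration; these are not Sling classes.
public class UpdateGateDemo {

    /** Minimal resource: a path plus a mutable property map. */
    static final class Res {
        final String path;
        final Map<String, Object> props = new HashMap<>();
        Res(String path) { this.path = path; }
    }

    /** Wrapper that consults an update gate before exposing a writable view. */
    static final class GatedRes {
        private final Res delegate;
        private final Predicate<String> canUpdate; // gate decision keyed by path

        GatedRes(Res delegate, Predicate<String> canUpdate) {
            this.delegate = delegate;
            this.canUpdate = canUpdate;
        }

        /** Writable view: handed out only when the gate allows updates. */
        Map<String, Object> modifiableProps() {
            return canUpdate.test(delegate.path) ? delegate.props : null;
        }

        /** Read view: always wrapped, so put() or a cast cannot bypass the gate. */
        Map<String, Object> readProps() {
            return Collections.unmodifiableMap(delegate.props);
        }
    }

    public static void main(String[] args) {
        Res r = new Res("/content/secret"); // constructed sample data
        r.props.put("title", "original");
        GatedRes gated = new GatedRes(r, path -> !path.startsWith("/content/secret"));

        System.out.println("writable view: " + gated.modifiableProps());
        try {
            gated.readProps().put("title", "tampered");
        } catch (UnsupportedOperationException e) {
            System.out.println("write through read view rejected");
        }
        System.out.println("title = " + r.props.get("title"));
    }
}
```

Returning `delegate.props` directly from `readProps()` would let the `put` succeed even though the gate denied the update, which is the bypass the extra protection is meant to close.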