[
https://issues.apache.org/jira/browse/SLING-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13937288#comment-13937288
]
Mike Müller commented on SLING-3435:
------------------------------------
Ok, I reviewed to code and made some minor modifications. I also extended the
tests with the following concept:
- 4 provider access gates (2 normal and 2 with finaloperations) and 4
application access gates (2 normal and 2 with finaloperations)
- a resource provider with the flag useResourceAccesssecurity set to true and
one without the flag
With this setup we can easily make a lot of tests with different
ResourceAccessGate implementations registered. With the new tests I found some
issues and corrected them.
I also separated the tests (and setup) which depends on SLING-3438. The tests
here shouldn't be dependent on a bundle in the contrib. But I suggest you
transfer them directly to the contrib/jcr/resourcesecurity bundle (maybe make
there a core and it directory as well).
I committed this the updated ResourceAccessSecurity bundle with the new
integration test bundle in r1578141.
Please let me know if you find some issues.
> ResourceAccessSecurity does not secure access for update operations
> -------------------------------------------------------------------
>
> Key: SLING-3435
> URL: https://issues.apache.org/jira/browse/SLING-3435
> Project: Sling
> Issue Type: New Feature
> Components: ResourceResolver
> Reporter: Marius Petria
> Assignee: Mike Müller
> Attachments: SLING-3435.1.patch, SLING-3435.2.patch, SLING-3435.patch
>
>
> ResourceAccessSecurity should use gates registered for update operations in
> order to secure access to modifiable value maps.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
