[jira] [Commented] (SLING-6130) Restrict access for principal everyone and move configuration to repoinit

Mon, 24 Oct 2016 03:22:13 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-6130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15601556#comment-15601556
 ] 

Oliver Lietz commented on SLING-6130:
-------------------------------------

Sure, just a timeout (no failures in {{error.log}}, Sling starts and stops 
properly):

{noformat}
Running org.apache.sling.launchpad.SmokeIT
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in 
[jar:file:/[...]/.m2/repository/ch/qos/logback/logback-classic/1.1.7/logback-classic-1.1.7.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in 
[jar:file:/[...]/.m2/repository/org/slf4j/slf4j-simple/1.5.2/slf4j-simple-1.5.2.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type 
[ch.qos.logback.classic.util.ContextSelectorStaticBinder]
Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: 
/[...]/sling/trunk/launchpad/builder/target/_-53965/ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
Not found in 'user.home' ([...]) directory: /[...]/esapi/ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: 
java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using 
class loader for DefaultSecurityConfiguration class!
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: 
/[...]/sling/trunk/launchpad/builder/target/_-53965/validation.properties
Not found in SystemResource Directory/resourceDirectory: 
.esapi/validation.properties
Not found in 'user.home' ([...]) directory: [...]/esapi/validation.properties
Loading validation.properties via file I/O failed.
Attempting to load validation.properties via the classpath.
SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/ (root)' 
using class loader for DefaultSecurityConfiguration class!
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 61.282 sec <<< 
FAILURE! - in org.apache.sling.launchpad.SmokeIT
org.apache.sling.launchpad.SmokeIT  Time elapsed: 61.281 sec  <<< ERROR!
java.lang.RuntimeException: Launchpad not ready. Failed check for URL 
http://localhost:53965/server/default/jcr:root with message 'Status code is 
HTTP/1.1 404 Not Found'
        at 
org.apache.sling.launchpad.LaunchpadReadyRule.runCheck(LaunchpadReadyRule.java:96)
        at 
org.apache.sling.launchpad.LaunchpadReadyRule.before(LaunchpadReadyRule.java:66)
        at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:46)
        at org.junit.rules.RunRules.evaluate(RunRules.java:20)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
        at 
org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:283)
        at 
org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:173)
        at 
org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
        at 
org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:128)
        at 
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:203)
        at 
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155)
        at 
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)


Results :

Tests in error: 
  SmokeIT.org.apache.sling.launchpad.SmokeIT ยป Runtime Launchpad not ready. 
Fail...

Tests run: 1, Failures: 0, Errors: 1, Skipped: 0
{noformat}


> Restrict access for principal everyone and move configuration to repoinit
> -------------------------------------------------------------------------
>
>                 Key: SLING-6130
>                 URL: https://issues.apache.org/jira/browse/SLING-6130
>             Project: Sling
>          Issue Type: Improvement
>          Components: JCR, Oak
>    Affects Versions: JCR Oak Server 1.1.0
>            Reporter: Oliver Lietz
>            Assignee: Oliver Lietz
>              Labels: security
>             Fix For: JCR Oak Server 1.1.2
>
>
> Currently {{everyone}} can {{read}} from {{/}} (configured in 
> {{OakSlingRepositoryManager}}).
> Access for {{everyone}} should be restricted:
> * {{read}} should be restricted to {{/content}}
> * configuration of principals and ACLs should be done with _repoinit_
> # -Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}}- 
> (/) (-[r1764259|https://svn.apache.org/r1764259]-)
> # Fix modules (samples) relying on _unrestricted_ {{read}} access
> # Move configuration of ACLs to _repoinit_ (/)
> discussion on 
> [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to