Hi, On Thu, Oct 4, 2018 at 1:51 PM Carsten Ziegeler <[email protected]> wrote: > ...I'm a little bit unclear what this proposal is trying to solve?..
The typical case is a DangerousServlet registered for the rt/danger resource type, which should be restricted to a subset of users. Any user who can create a Resource with the rt/danger resource type can execute the DangerousServlet. Same for scripts. There are workarounds: limit the paths on which the servlet can operate and protect those paths, or check for a configurable permission in the servlet's code as Eric mentions - but having a cleaner mechanism makes sense IMO. -Bertrand
