Jason E Bailey wrote
> I did not mean to imply that you couldn't browse the tree :):)
>
> Rather, for me to configure ACL on a script right now I can use composum or
> crxde to go to the script and change the ACL on the parent of that script.
> My expectation for "the best way" to handle authentication for a servlet
> would be to use composum or crxde and go to the resource that the servlet
> creates and sets the authentication for that servlet on its parent the same
> way that I would do for a script.

But again, aren't we using a service user to read/execute the script?

>
> IMHO I think the loose end is that the focus is too narrow. One of the things
> that came out of the adaptTo is the desire to be able to replace the jcr with
> other resourceProviders. The last real step to that goal is an implementation
> of a security architecture that replaces what the jcr provides and instead
> turns the jcr into just another resourceprovider that also plugs into the
> Sling security architecture.

Well, this will be a fun discussion :) Adding security on top of something is usually easier to be bypassed than having security built-in.

But I would like to get briefly back to the use case of this "dangerous servlet". Why isn't that servlet doing the permission checks which I think is way safer than relying on additional magic somewhere else (regardless of what it is)?

Regards
Carsten

>
> --
> Jason
>
> On Thu, Oct 4, 2018, at 11:43 AM, Carsten Ziegeler wrote:
>> I would say, yes you can do both of it :)
>>
>> ResourceAccessGate has different permissions, one of them is execute. So
>> if we base the solution on that, you can still browse the tree. The
>> implementation of a RAG can do whatever it wants, so it can read
>> permissions from somewhere.
>>
>> But maybe I'm overlooking something, when it comes to reading/executing
>> a script, atm a service user is used for that, not the current user.
>> That's to avoid opening up the search paths for everyone to read.
>>
>> So I think there are more loose ends here.
>>
>> Regards
>>
>> Carsten
>>
>>
>> Jason E Bailey wrote
>>> I'm beginning to think that there are two different mental models that
>>> people who work with Sling take on. One is an OSGi model, where a solution
>>> can be achieved via a Service and the creation and configuration of that
>>> service(s). The other is a resource centric model where everything must be
>>> exposed as a resource, and be configurable by changing properties on a
>>> resource.
>>>
>>> From a resource pov the ResourceAccessGate is difficult and potentially
>>> fails because I can't go through the resource tree and see what is and
>>> isn't protected on the tree itself, nor can I configure a ResourceAccessGate
>>> by defining permissions on a node.
>>>
>>> --
>>> Jason
>>>
>>> On Thu, Oct 4, 2018, at 11:15 AM, Carsten Ziegeler wrote:
>>>> Why is that? I think that's a bold statement.
>>>>
>>>> ResourceAccessGate has been developed (afaik) with this use case in mind.
>>>>
>>>> Carsten
>>>>
>>>>
>>>> Bertrand Delacretaz wrote
>>>>> Hi,
>>>>>
>>>>> On Thu, Oct 4, 2018 at 4:43 PM Julian Sedding <[email protected]> wrote:
>>>>>> ...I am still convinced that this issue could simply and
>>>>>> elegantly be solved with a ResourceAccessGate for both servlets and
>>>>>> scripts in a generic way...
>>>>>
>>>>> This would probably work but I think it's not intuitive at all, and as
>>>>> such error-prone.
>>>>>
>>>>> -Bertrand
>>>>>
>>>> --
>>>> Carsten Ziegeler
>>>> Adobe Research Switzerland
>>>> [email protected]
>> --
>> Carsten Ziegeler
>> Adobe Research Switzerland
>> [email protected]

--
Carsten Ziegeler
Adobe Research Switzerland
[email protected]
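
An added example, not part of the thread and not Sling project code: one way a servlet can perform the permission check itself, using the requesting user's JCR session instead of a service user. The servlet path, the guard node `/apps/example/dangerous` and the choice of `jcr:write` as the required privilege are assumptions made for illustration; the sketch also assumes a JCR-backed resource resolver and denies the request when no session is available.

```java
import java.io.IOException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.osgi.service.component.annotations.Component;

// Hypothetical servlet: the registration path below is an assumption.
@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/example/dangerous",
        "sling.servlet.methods=POST" })
public class DangerousServlet extends SlingAllMethodsServlet {

    // Assumed convention: whoever may modify this node may invoke the servlet.
    // Its ACL can be edited in the tree like the ACL of any other node.
    private static final String GUARD_PATH = "/apps/example/dangerous";

    @Override
    protected void doPost(SlingHttpServletRequest request,
            SlingHttpServletResponse response) throws IOException {
        // Session of the requesting user, not of a service user.
        Session session = request.getResourceResolver().adaptTo(Session.class);
        if (session == null || !mayInvoke(session)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // ... the privileged work goes here, only after the check has passed ...
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    private boolean mayInvoke(Session session) {
        try {
            AccessControlManager acm = session.getAccessControlManager();
            Privilege[] needed = { acm.privilegeFromName(Privilege.JCR_WRITE) };
            return acm.hasPrivileges(GUARD_PATH, needed);
        } catch (RepositoryException e) {
            // Fail closed: a missing or unreadable guard node also denies.
            return false;
        }
    }
}
```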
