Alexander Klimetschek created OAK-2981:
------------------------------------------

             Summary: Access control logging
                 Key: OAK-2981
                 URL: https://issues.apache.org/jira/browse/OAK-2981
             Project: Jackrabbit Oak
          Issue Type: New Feature
          Components: security
            Reporter: Alexander Klimetschek


For debugging application behavior and designing ACLs it is useful to have a 
logging of JCR operations and also see if access was granted or not.

I hacked a quick solution that gives this result:
{noformat}
10.06.2015 15:29:43.658 [admin] ALLOWED 
/jcr:system/rep:namespaces/rep:nsdata/http%3A%2F%2Fsling.apache.org%2Fjcr%2Fevent%2F1.0
 [read property]
10.06.2015 15:29:43.658 [admin] ALLOWED 
/var/eventing/jobs/assigned/862f413b-6f03-40a1-aa10-550af9970254 [read]
10.06.2015 15:29:43.658 [admin] ALLOWED 
/var/eventing/jobs/assigned/862f413b-6f03-40a1-aa10-550af9970254/jcr:primaryType
 [read property]
10.06.2015 15:30:10.484 [[email protected]] DENIED  
/libs/wcm/core/content/contentfinder [read]
10.06.2015 15:25:12.421 [admin] ALLOWED 
/var/classes/862f413b-6f03-40a1-aa10-550af9970254/sightly/1.0.2/apps/ccebasic/ui/commons/breadcrumbs/SightlyJava_breadcrumbs.java/jcr:content/jcr:content
 [REMOVE_NODE,ADD_NODE]
{noformat}

See on my github fork: 
https://github.com/alexkli/jackrabbit-oak/commit/f4ecf7ca6b7d8c7e1d6967d409be4045a634efe2



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to