[
https://issues.apache.org/jira/browse/OAK-2981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14583226#comment-14583226
]
angela edited comment on OAK-2981 at 6/12/15 10:37 AM:
-------------------------------------------------------
while i agree on the use case of displaying both the effective access control
content and the effective permissions for a given (set of) principal(s) the
implementation is not sensible at all as it logs upon permission evaluation.
so, a) the subject doesn't match the effective code and b) mixes access control
management and permission evaluation and c) it doesn't log access control at
all... not really demonstrating an understanding of the concepts and design i
have to say... ;-)
i would rather go for tool that displays the effective permissions than a
logger that pollutes the log-file during each and every single access. that is
not going to help anybody.
was (Author: anchela):
while i agree on the use case the implementation is not sensible at all as it
logs upon permission evaluation.
so, the subject doesn't match the effective code and mixes access control
management and permission evaluation... not really demonstrating an
understanding of the concepts and design i have to say... ;-)
i would rather go for tool that displays the effective permissions than a
logger that pollutes the log-file during each and every single access. that is
not going to help anybody.
> Access control logging
> ----------------------
>
> Key: OAK-2981
> URL: https://issues.apache.org/jira/browse/OAK-2981
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: core
> Reporter: Alexander Klimetschek
> Assignee: angela
> Priority: Minor
>
> For debugging application behavior and designing ACLs it is useful to have a
> logging of JCR operations and also see if access was granted or not.
> I hacked a quick solution that gives this result:
> {noformat}
> 10.06.2015 15:29:43.658 [admin] ALLOWED
> /jcr:system/rep:namespaces/rep:nsdata/http%3A%2F%2Fsling.apache.org%2Fjcr%2Fevent%2F1.0
> [read property]
> 10.06.2015 15:29:43.658 [admin] ALLOWED
> /var/eventing/jobs/assigned/862f413b-6f03-40a1-aa10-550af9970254 [read]
> 10.06.2015 15:29:43.658 [admin] ALLOWED
> /var/eventing/jobs/assigned/862f413b-6f03-40a1-aa10-550af9970254/jcr:primaryType
> [read property]
> 10.06.2015 15:30:10.484 [[email protected]] DENIED
> /libs/wcm/core/content/contentfinder [read]
> 10.06.2015 15:25:12.421 [admin] ALLOWED
> /var/classes/862f413b-6f03-40a1-aa10-550af9970254/sightly/1.0.2/apps/ccebasic/ui/commons/breadcrumbs/SightlyJava_breadcrumbs.java/jcr:content/jcr:content
> [REMOVE_NODE,ADD_NODE]
> {noformat}
> See on my github fork:
> https://github.com/alexkli/jackrabbit-oak/commit/f4ecf7ca6b7d8c7e1d6967d409be4045a634efe2
> Change against the 1.2 branch. [As patch
> file|https://github.com/alexkli/jackrabbit-oak/commit/f4ecf7ca6b7d8c7e1d6967d409be4045a634efe2.patch].
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
