[
https://issues.apache.org/jira/browse/OAK-9675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17480778#comment-17480778
]
Eric Norman commented on OAK-9675:
----------------------------------
Pull Request #471 contains the proposed code changes and some new tests to
verify it works. Please review and provide any feedback or merge the PR if
there are no concerns.
> Configuration option for allowed authorizable properties mixin types
> --------------------------------------------------------------------
>
> Key: OAK-9675
> URL: https://issues.apache.org/jira/browse/OAK-9675
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: core, security-spi
> Reporter: Eric Norman
> Priority: Major
> Fix For: 1.44.0
>
>
> This is in support of a use case where we want a stricter constraint on what
> is allowed to be stored in an authorizable property. The unstructured
> property definition from rep:Authorizable is too permissive for the use case.
> Defining and using a mixin with a property definition that has a value
> constraint defined solves most of the use case, but after doing that then
> the property is no longer visible in the authorizable properties.
> Basically, the current implementation of
> AuthorizablePropertiesImpl#getAuthorizableProperty will exclude any
> properties whose property definition is not declared by the rep:Authorizable
> node type. This means property definitions that are defined by any mixin
> type are excluded.
> The proposed improvement here is to add an optional configuration property
> that would define the names of mixin types that are allowed to define
> authorizable properties. Any property definition defined by a mixin type in
> this set would be included, and anything else would be excluded as before.
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
