[
https://issues.apache.org/jira/browse/SLING-936?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12701667#action_12701667
]
Ian Boston commented on SLING-936:
--
The current patch has been tested with a bash script an
[
https://issues.apache.org/jira/browse/SLING-936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ian Boston updated SLING-936:
-
Attachment: SLING-936.patch
Very small change to the patch to make the path ab/ef/f3/ rather than a/b/e
[
https://issues.apache.org/jira/browse/SLING-936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ian Boston updated SLING-936:
-
Attachment: (was: SLING-936.patch)
> The use of the JR UserManager may not scale.
> --
Hi
If you register an own Servlet which should be used as default servlet you can
register it with
sling.servlet.resourceTypes=sling/servlet/default
sling.servlet.methods=GET
(if it should work only for GET requests)
If I upload a bundle with such a Servlet (call it MyServlet) in Sling
everyth
[
https://issues.apache.org/jira/browse/SLING-937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-937:
Attachment: sling-eclipse-codestyle.xml
The Codestyle setup for Eclipse, which I currently u
Hi Ian,
Thanks for providing this. This is very much appreciated.
It is probably about time to start thinking and fighting about such a
thing as a coding convention ...
Ian Boston schrieb:
> For what it is worth, and I wont say I agree with all of it, but thats ok.
>
> The shindig eclipse files
Coding Conventions
--
Key: SLING-937
URL: https://issues.apache.org/jira/browse/SLING-937
Project: Sling
Issue Type: RTC
Components: General
Reporter: Felix Meschberger
Based on the discussion "Code St
> Have you looked at the filesystem resource provider ? This provides
> access to the OS filesystem through the Sling
> ResourceResolver. Carsten
> also wrote an interesting blog about this [1]
>
> Regards
> Felix
>
> [1] http://www.osoco.org/blog/?p=69
Thank you Felix, very interesting feature.
For what it is worth, and I wont say I agree with all of it, but thats
ok.
The shindig eclipse files are here
http://svn.apache.org/repos/asf/incubator/shindig/trunk/etc/eclipse/
but you probably wont want the import order as it reverses to allow
overrides.
and there is a checkstyle config
Hi Mike,
Mike Müller schrieb:
> Hi Alex
>
>> On Wed, Apr 22, 2009 at 5:25 PM, Mike Müller
>> wrote:
>>> Is there an easy way to get the absolute path to the
>> sling.home directory in a bundle or servlet?
>>> (sling launched as standalone app, not in a servlet container)
>> Sorry if I cannot ans
Hi,
Mike Müller schrieb:
> Hi
>
> Is there an easy way to get the absolute path to the sling.home directory in
> a bundle or servlet?
> (sling launched as standalone app, not in a servlet container)
The sling.home is available as an absolute path as a framework property
through the BundleContex
Hi,
Bertrand Delacretaz schrieb:
> On Wed, Apr 22, 2009 at 5:49 PM, Ian Boston wrote:
>> Is there a code style guide for sling, or better still an eclipse config and
>> import order.
>> It looks like standard java style but I am not sure about the space policy...
>
> I'm not sure if we're sure e
Hi Ian,
Ian Boston schrieb:
> Is there a code style guide for sling, or better still an eclipse config
> and import order.
> It looks like standard java style but I am not sure about the space policy.
Interesting topic which is as important as it is controverse.
As Bertrand, I am basically using
[
https://issues.apache.org/jira/browse/SLING-936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ian Boston updated SLING-936:
-
Attachment: SLING-936.patch
This patch adds a 3 level tree based on a sha1 of the user name and a bit of
Bertrand Delacretaz wrote:
2) Prevent legitimate scripts from messing up with the system
An variant of 2) just showed up in the "Accessing JCR" thread. Looks
like anyone that can upload a script can do the following:
<%
SlingRepository repo = sling.getService(SlingRepository.class);
In Shindig we created a code style, although its made patching easier,
it did generate discussion.
It was basically java standard, with some mods, eg 2 spaces rather
than tabs, no trailing spaces on lines and a bunch of other things.
I can share these if you like (they are in the Shindig svn),
Hi Alex
> On Wed, Apr 22, 2009 at 5:25 PM, Mike Müller
> wrote:
> > Is there an easy way to get the absolute path to the
> sling.home directory in a bundle or servlet?
> > (sling launched as standalone app, not in a servlet container)
>
> Sorry if I cannot answer your question, but why do you wan
The use of the JR UserManager may not scale.
Key: SLING-936
URL: https://issues.apache.org/jira/browse/SLING-936
Project: Sling
Issue Type: Improvement
Reporter: Ian Boston
By defaul
On Wed, Apr 22, 2009 at 5:49 PM, Ian Boston wrote:
> Is there a code style guide for sling, or better still an eclipse config and
> import order.
> It looks like standard java style but I am not sure about the space policy...
I'm not sure if we're sure either ;-)
I use two spaces and no tabs for
On Wed, Apr 22, 2009 at 5:25 PM, Mike Müller wrote:
> Is there an easy way to get the absolute path to the sling.home directory in
> a bundle or servlet?
> (sling launched as standalone app, not in a servlet container)
Sorry if I cannot answer your question, but why do you want to access
the fil
Is there a code style guide for sling, or better still an eclipse
config and import order.
It looks like standard java style but I am not sure about the space
policy.
Ian
Hi
Is there an easy way to get the absolute path to the sling.home directory in a
bundle or servlet?
(sling launched as standalone app, not in a servlet container)
best regards
mike
Hi Carl,
On Wed, Apr 22, 2009 at 4:26 PM, Carl Hall wrote:
> I've searched through docs but have yet to discover this though I'm
> probably just overlooking something. What's the suggested way to
> access data in a jcr repository when not coming from a user related
> request (ie. when in an even
To answer my own question, for anyone else to travels the same route.
This makes no difference since the url the UI sees is an
AuthorizableResource produced by the AuthorizableResourceProvider
which is mapped onto the root path of /system/userManager/
so that
/system/userManager/user/ieb
On Wed, Apr 22, 2009 at 4:26 PM, Carl Hall wrote:
> I've searched through docs but have yet to discover this though I'm
> probably just overlooking something. What's the suggested way to
> access data in a jcr repository when not coming from a user related
> request (ie. when in an event listener
I've searched through docs but have yet to discover this though I'm
probably just overlooking something. What's the suggested way to
access data in a jcr repository when not coming from a user related
request (ie. when in an event listener)? Also, how do I get hold of
the observation manager to r
On Wed, Apr 22, 2009 at 2:44 PM, Jukka Zitting wrote:
> Hi,
>
> On Wed, Apr 22, 2009 at 2:22 PM, Tobias Bocanegra wrote:
>> System.exit() bears IMO no real risk, since it can be prevented by
>> java security.
>
> I'd like to see the relevant java security settings. With all the OSGi
> stuff, JCR
Hi,
Jukka Zitting schrieb:
> Hi,
>
> On Wed, Apr 22, 2009 at 2:22 PM, Tobias Bocanegra wrote:
>> System.exit() bears IMO no real risk, since it can be prevented by
>> java security.
>
> I'd like to see the relevant java security settings. With all the OSGi
> stuff, JCR bundle loading, and scrip
[
https://issues.apache.org/jira/browse/SLING-934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stuart Freeman closed SLING-934.
> AbstractSlingRepository.java unbindLog() sets method scoped log to null
>
Hi,
On Wed, Apr 22, 2009 at 2:22 PM, Tobias Bocanegra wrote:
> System.exit() bears IMO no real risk, since it can be prevented by
> java security.
I'd like to see the relevant java security settings. With all the OSGi
stuff, JCR bundle loading, and script compiling in place I think
coming up wit
On Wed, Apr 22, 2009 at 12:41 PM, Felix Meschberger wrote:
> Hi,
>
> Jukka Zitting schrieb:
>> Hi,
>>
>> I was thinking about the implications of giving a user write access to
>> a subtree of the repository. With that access the user could now
>> upload a new script and create a node that invokes
On Wed, Apr 22, 2009 at 1:42 PM, Felix Meschberger wrote:
> Hi,
>
> Carsten Ziegeler schrieb:
>> ...scripts are
>> only picked
>> up from configured paths (libs and apps by default). So as long as the
>> user is not allowed to write in these locations, everything should be fine.
>
> Well, there is
Hi,
Carsten Ziegeler schrieb:
> Bertrand Delacretaz wrote:
>> Hi Jukka,
>>
>> On Wed, Apr 22, 2009 at 12:25 PM, Jukka Zitting
>> wrote:
>>> ...I was thinking about the implications of giving a user write access to
>>> a subtree of the repository. With that access the user could now
>>> upload a
Bertrand Delacretaz wrote:
> Hi Jukka,
>
> On Wed, Apr 22, 2009 at 12:25 PM, Jukka Zitting
> wrote:
>> ...I was thinking about the implications of giving a user write access to
>> a subtree of the repository. With that access the user could now
>> upload a new script and create a node that invok
Hi Jukka,
On Wed, Apr 22, 2009 at 12:25 PM, Jukka Zitting wrote:
> ...I was thinking about the implications of giving a user write access to
> a subtree of the repository. With that access the user could now
> upload a new script and create a node that invokes that script when
> rendered
Req
Felix,
That sounds like it would address the issue of accepting scripts from
trusted sources but would not, make the scripts safe as per your
original post.
On System.exit itself
I cant remember if the runtime shutdown handler can veto System.exit,
although the damage will already be done
[
https://issues.apache.org/jira/browse/SLING-911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger closed SLING-911.
---
Tests seem to indicate this issue is really fixed. So closing this issue now.
> ResourceProvider
Hi,
Ian Boston schrieb:
> This is an interesting one for us, since all users will have write
> access to the repository.
> Is there an 'execute' permission in sling, or perhaps even an equivalent
> to the no execute mount option in posix. I see some extensions to the
> DefaultAccessControlManager
Hi,
Torgeir Veimo schrieb:
> The servlet container usually have default security policies defined, which
> can easily be changed. Eg for tomcat, look at conf/catalina.policy.
> Am not sure what facilities ogsi containers provide in this area though?
OSGi containers basically also depend on standa
Hi,
On Wed, Apr 22, 2009 at 12:40 PM, Torgeir Veimo wrote:
> The servlet container usually have default security policies defined, which
> can easily be changed. Eg for tomcat, look at conf/catalina.policy.
What would such a policy file look like, i.e. what codeBase should be
used and what permi
This is an interesting one for us, since all users will have write
access to the repository.
Is there an 'execute' permission in sling, or perhaps even an
equivalent to the no execute mount option in posix. I see some
extensions to the DefaultAccessControlManager looming.
Ian
On 22 Apr 2009
Hi,
Jukka Zitting schrieb:
> Hi,
>
> I was thinking about the implications of giving a user write access to
> a subtree of the repository. With that access the user could now
> upload a new script and create a node that invokes that script when
> rendered.
>
> What if the script contains somethi
The servlet container usually have default security policies defined, which
can easily be changed. Eg for tomcat, look at conf/catalina.policy.
Am not sure what facilities ogsi containers provide in this area though?
2009/4/22 Jukka Zitting
> Hi,
>
> I was thinking about the implications of givi
Hi,
I was thinking about the implications of giving a user write access to
a subtree of the repository. With that access the user could now
upload a new script and create a node that invokes that script when
rendered.
What if the script contains something like System.exit(1)? Or
something even mo
Hi Juanjo,
Juan José Vázquez Delgado schrieb:
> Hi Felix,
>
>> I propose to create a new service interface Authenticator, which is
>> implemented by the existing SlingAuthenticator class (both in the
>> o.a.sling.engine bundle). This interface has a requestAuthentication
>> method, which may be u
Hi Felix,
> I propose to create a new service interface Authenticator, which is
> implemented by the existing SlingAuthenticator class (both in the
> o.a.sling.engine bundle). This interface has a requestAuthentication
> method, which may be used to initiate authentication from within
> servlets o
Hi all,
Currently the authentication process is kind of broken and should be
fixed. See the concept page "Authentication Initiation" [1].
In essence the problem is, that authentication can only be initiated by
visiting special authentication pages explicitly or by being redirected.
Servlets and s
Hi Daniel,
Daniel, de la Cuesta Navarrete schrieb:
> Thank you,
>
> Sorry for my late response, but I have a new idea.
>
> My problem is that I want to return a service ticket in the POST response
> when a new resource is created. This service ticket can appear in a response
> header or in the
Thank you,
Sorry for my late response, but I have a new idea.
My problem is that I want to return a service ticket in the POST response
when a new resource is created. This service ticket can appear in a response
header or in the response body.
I am agree with you, and I don't want to stop the
49 matches
Mail list logo