On 28/08/2013 08:56, Marcin Sośnicki wrote:
Hello,
I have a question: I am using Apache Syncope at version
1.2.0-SNAPSHOT. I have noticed that it is possible, while not logged
in, to browse resources like /roles, /schema and /resources. Is it
intentional? Non admin users also have access to these resources. I
would appreciate your help, as maybe there are reasons for such
behaviour.
Hi Marcin,
if you search our mailing list archives, you will find some discussion
about this topic: basically, some REST resources are available as
anonymous in order to enable the self-registration feature [1].
Anyway, as reported in our roadmap [2] (more specifically [3]), this is
going to change in 1.2.0.
Hope this clarifies.
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Handle+user+requests+%28including+self+registration%29
[2] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap
[3] https://issues.apache.org/jira/browse/SYNCOPE-132
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
