Instead of denying rights to the everyone group, deny rights to the anonymous principal instead. Like this:
curl -FprincipalId=anonymous -Fprivilege@jcr:readAccessControl=denied http://admin:admin@localhost:8080/.modifyAce.html Regards, Eric On Sun, Sep 16, 2012 at 11:40 AM, Sandro Boehme <[email protected]>wrote: > Hello, > > when logged in as anonymous I can see all users, groups and acls with the > following URLs: > http://localhost:8080/index.**html.eacl.json<http://localhost:8080/index.html.eacl.json> > http://localhost:8080/system/**userManager/user.tidy.**infinity.json<http://localhost:8080/system/userManager/user.tidy.infinity.json> > http://localhost:8080/system/**userManager/group.tidy.1.json<http://localhost:8080/system/userManager/group.tidy.1.json> > http://localhost:8080/system/**userManager/user/admin.tidy.1.**json<http://localhost:8080/system/userManager/user/admin.tidy.1.json> > > I tried to avoid that by denying jcr:readAccessControl to the root node > with with following statement. > curl -FprincipalId=everyone -Fprivilege@jcr:**readAccessControl=denied > http://admin:admin@localhost:**8080/.modifyAce.html > The response was a http 200 status but I can still see the information as > anonymous. Is there a way to avoid that? > > Best, > > Sandro >
