Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-2981

Access control logging

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • core
    • None

    Description

      For debugging application behavior and designing ACLs it is useful to have a logging of JCR operations and also see if access was granted or not.

      I hacked a quick solution that gives this result:

      10.06.2015 15:29:43.658 [admin] ALLOWED /jcr:system/rep:namespaces/rep:nsdata/http%3A%2F%2Fsling.apache.org%2Fjcr%2Fevent%2F1.0 [read property]
10.06.2015 15:29:43.658 [admin] ALLOWED /var/eventing/jobs/assigned/862f413b-6f03-40a1-aa10-550af9970254 [read]
10.06.2015 15:29:43.658 [admin] ALLOWED /var/eventing/jobs/assigned/862f413b-6f03-40a1-aa10-550af9970254/jcr:primaryType [read property]
10.06.2015 15:30:10.484 [aklimets@adobe.com] DENIED  /libs/wcm/core/content/contentfinder [read]
10.06.2015 15:25:12.421 [admin] ALLOWED /var/classes/862f413b-6f03-40a1-aa10-550af9970254/sightly/1.0.2/apps/ccebasic/ui/commons/breadcrumbs/SightlyJava_breadcrumbs.java/jcr:content/jcr:content [REMOVE_NODE,ADD_NODE]

      See on my github fork: https://github.com/alexkli/jackrabbit-oak/commit/f4ecf7ca6b7d8c7e1d6967d409be4045a634efe2

      Change against the 1.2 branch. As patch file.

      Attachments

        Issue Links

          is related to

          Task - A task that needs to be done. OAK-2997 Document mapping between built-in privileges and API calls + items

          • Major - Major loss of function.
          • Closed

          Activity

            People

              angela Angela Schreiber
              alexander.klimetschek Alexander Klimetschek
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: