[OAK-9852] FilterProviderImpl should log a warning if a subject contains 'mixed' service-user-principals - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Critical
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: None
Component/s: authorization-principalbased
Labels:
None

Description

For content distribution we use a user mapping with a subservice like:

"org.apache.sling.distribution.journal:importer=[sling-distribution-importer,sling-distribution,content-writer-service,repository-reader-service,version-manager-service,group-administration-service,user-administration-service,namespace-mgmt-service]"

Angela explained to me that if any of the subjects in the list is not principal based then the whole subservice will fall back to default authoristation. This can lead to unexpected access denied issues that are difficult to debug.

So it would be great if we could add some warn logging that cleary tells us that our subservice is possibly not working as expected.

Attachments

Issue Links

links to

GitHub Pull Request #636

Activity

People

Assignee:: Angela Schreiber

Reporter:: Christian Schneider

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Jul/22 08:27

Updated:: 22/Jul/22 15:32

Resolved:: 22/Jul/22 15:31