  1. Sling
  2. SLING-5135

Whitelist legit usages of loginAdministrative and administrative ResourceResolver


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: JCR Base 2.4.2
    • Component/s: JCR
    • Labels:
      None

      Description

      AbstractSlingRepositoryManager contains a method that disables loginAdministrative support:

          /**
           * Returns whether to disable the
           * {@code SlingRepository.loginAdministrative} method or not.
           *
           * @return {@code true} if {@code SlingRepository.loginAdministrative} is
           *         disabled.
           */
          public final boolean isDisableLoginAdministrative() 
      

      This is a global configuration. It would be nice to have an extension of such a mechanism that contains a whitelist of (few) legit usages of loginAdministrative.

        Attachments

        1. SLING-5135.patch
          32 kB
          Bertrand Delacretaz
        2. SLING-5135.patch
          16 kB
          Bertrand Delacretaz

            People

            • Assignee:
              jsedding Julian Sedding
              Reporter:
              asanso Antonio Sanso
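
The following is an added example, not code from the issue, its patches or Sling itself: a deny-by-default gate that keeps the global switch from the description and adds a whitelist of permitted callers. The class `AdminLoginGate`, its methods, the choice of bundle symbolic name as the whitelist key, and the rule that the global switch overrides the whitelist are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical gate, not Sling code: deny-by-default check for administrative logins. */
public final class AdminLoginGate {
    private final boolean disableLoginAdministrative; // global switch described in the issue
    private final Set<String> whitelistedBundles;     // assumption: keyed by bundle symbolic name
    // Denied callers and how often they asked: the audit trail used to review the whitelist.
    private final Map<String, Integer> denied = new ConcurrentHashMap<>();

    public AdminLoginGate(boolean disableLoginAdministrative, Set<String> whitelistedBundles) {
        this.disableLoginAdministrative = disableLoginAdministrative;
        this.whitelistedBundles = Set.copyOf(whitelistedBundles); // immutable snapshot
    }

    /** Returns true only if the calling bundle may obtain an administrative session. */
    public boolean isAllowed(String callerBundle) {
        // Exact match only: no prefix or wildcard matching, so look-alike names are rejected.
        boolean allowed = !disableLoginAdministrative
                && callerBundle != null
                && whitelistedBundles.contains(callerBundle);
        if (!allowed) {
            denied.merge(String.valueOf(callerBundle), 1, Integer::sum);
        }
        return allowed;
    }

    /** Snapshot of denied callers with attempt counts. */
    public Map<String, Integer> deniedCallers() {
        return Map.copyOf(denied);
    }

    public static void main(String[] args) {
        // Constructed sample names, not real bundles.
        Set<String> legit = Set.of("com.example.repoinit", "com.example.indexer");
        AdminLoginGate gate = new AdminLoginGate(false, legit);
        System.out.println(gate.isAllowed("com.example.repoinit"));       // whitelisted
        System.out.println(gate.isAllowed("com.example.repoinit.extra")); // look-alike name
        System.out.println(gate.isAllowed("com.example.servlet"));        // not listed
        System.out.println(gate.deniedCallers());
        // With the global switch on, even whitelisted bundles are refused.
        System.out.println(new AdminLoginGate(true, legit).isAllowed("com.example.indexer"));
    }
}
```

The denied-caller counts give a reviewable list of code that still requests administrative sessions, which is the input needed to keep the whitelist short.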