[SLING-5135] Whitelist legit usages of loginAdministrative and administrative ResourceResolver - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: JCR Base 2.4.2
Component/s: JCR
Labels:
None

Description

AbstractSlingRepositoryManager contains a method that disable loginAdministrative support

    /**
     * Returns whether to disable the
     * {@code SlingRepository.loginAdministrative} method or not.
     *
     * @return {@code true} if {@code SlingRepository.loginAdministrative} is
     *         disabled.
     */
    public final boolean isDisableLoginAdministrative()

This is a global configuration. It would be nice to have an extension of such mechanism that contains a white list of (few) legit usage of loginAdministrative

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SLING-5135.patch
05/Sep/16 13:26
32 kB
Bertrand Delacretaz
SLING-5135.patch
22/Jul/16 13:41
16 kB
Bertrand Delacretaz

Issue Links

is blocked by

SLING-6113 JcrProviderStateFactory needs a reference to the bundle that's using it

Resolved

SLING-6124 Update oak-server to latest JCR module snapshots

Resolved

is related to

JCRVLT-325 VaultSyncServiceImpl still relies on deprecated loginAdministrative

Open

relates to

SLING-5355 Create service users and ACLs from the provisioning model

Resolved

SLING-6273 Document SLING-5135 - whitelist of legit login admin uses

Resolved

links to

GitHub Pull Request #185

(1 links to)

Activity

People

Assignee:: Julian Sedding

Reporter:: Antonio Sanso

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 12/Oct/15 07:57

Updated:: 16/Nov/18 10:19

Resolved:: 10/Nov/16 16:17