[SLING-6130] Restrict access for principal everyone and move configuration to repoinit - ASF JIRA

XML

Word

Printable

JSON

Type: Improvement
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: JCR Oak Server 1.1.0
Fix Version/s: JCR Oak Server 1.1.4, Karaf Launchpad Integration Tests (Oak Tar) 0.0.12, Karaf Integration Tests 1.0.0, Karaf Configs 1.0.0, Starter 11
Component/s: JCR, Karaf, Launchpad, Oak
Labels:
- Sling-11-ReleaseNotes
- security

Currently everyone can read from / (configured in OakSlingRepositoryManager).

Access for everyone should be restricted:

~~Change path from / to /content in OakSlingRepositoryManager~~ (~~r1764259~~)
Fix modules (samples) relying on unrestricted read access
Move configuration of ACLs to repoinit

discussion on dev@

blocks

SLING-7647 Anonymous access to content stopped working

causes

SLING-7615 HTL integration tests should use authentication

SLING-7721 [HTL] Redirect user to login form in REPL if the user is not already authenticated

is blocked by

SLING-6171 Unable to set up ACLs for the 'everyone' principal

relates to

SLING-7554 Link to Slingshot sample does not work

SLING-7484 Move content from JCR root to /content

(1 relates to)