org.apache.sling.resourceaccesssecurity.ResourceAccessGate access.context=application

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

org.apache.sling.resourceaccesssecurity.ResourceAccessGate access.context=application

Karolis Mackevicius
Hi,

I am trying to implement
org.apache.sling.resourceaccesssecurity.ResourceAccessGate component
(dependency version 1.0.0), with following properties:

  * access.context=application
  * operations=read
  * path=/content/dam/.*

@Component(property = {"access.context=application","operations=read","path=/content/dam/.*"}, service = ResourceAccessGate.class)

Once I deploy it, everything under all other paths (that are not
/content/dam) or other operations (create,update,delete,execute) is not
accessible anymore.

Currently as a workaround I have created another ResourceAccessGate
component with no path and for all operations, which I originally don't
want to check.

Q: is this expected behavior?

Best Regards,

Karolis

--
Karolis Mackevicius | Software Engineer
Netcentric Ibérica SLU
Camí Antic de València 54, 7-9ª, 08005 Barcelona
M: +34 667 493 362
[hidden email] | www.netcentric.biz
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: org.apache.sling.resourceaccesssecurity.ResourceAccessGate access.context=application

Carsten Ziegeler
Karolis Mackevicius wrote

> Hi,
>
> I am trying to implement
> org.apache.sling.resourceaccesssecurity.ResourceAccessGate component
> (dependency version 1.0.0), with following properties:
>
>  * access.context=application
>  * operations=read
>  * path=/content/dam/.*
>
> @Component(property =
> {"access.context=application","operations=read","path=/content/dam/.*"},
> service = ResourceAccessGate.class)
>
> Once I deploy it, everything under all other paths (that are not
> /content/dam) or other operations (create,update,delete,execute) is not
> accessible anymore.
>
> Currently as a workaround I have created another ResourceAccessGate
> component with no path and for all operations, which I originally don't
> want to check.
>
> Q: is this expected behavior?

Hi,

unfortunately, yes, this is the expected behaviour. If there is no
application ResourceAccessGate no check at all is performed at this
level. However as soon as there is at least one, then there needs to be
ResourceAccessGate that grants operations. So registering such an
application level gate basically denies everything except granted by
this gate.
It's a little bit uncommon but that's how it was designed :)

Regards
Carsten

>
> Best Regards,
>
> Karolis
>


 

--
Carsten Ziegeler
Adobe Research Switzerland
[hidden email]
Loading...