[ https://issues.apache.org/jira/browse/SLING-3352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910846#comment-13910846 ]
Alexander Klimetschek commented on SLING-3352: ---------------------------------------------- Agree with [~bdelacretaz], this starts to become mind-boggling. Having a general OSGi configuration mapping to JCR as [~cziegeler] proposed might make sense. Something like {{/mnt/osgiconfig/PID}} which is its clearly separate own tree (proposed by [~tripod] in a f2f). {{/mnt/osgiconfig}} would be admin read/writeable by default. You could create a JCR node for a certain PID at {{/mnt/osgiconfig/PID}} to set a different ACL. OTOH, you can already POST to the felix web console (using admin credentials) to change configurations, so the added benefit is not so clear. In any way, it's a very sensible topic, as any oversight easily makes configuration accessible to attackers, so it needs to be designed carefully. > Expose OSGI configuration via HTTP > ---------------------------------- > > Key: SLING-3352 > URL: https://issues.apache.org/jira/browse/SLING-3352 > Project: Sling > Issue Type: Improvement > Reporter: Marius Petria > Assignee: Carsten Ziegeler > Labels: replication > Attachments: SLING-3352.1.patch, SLING-3352.2.patch, SLING-3352.patch > > > We need a safe way to expose OSGI configuration via HTTP. > Requirements: > - all configs for a certain factory should be manageable > - they should have associated JCR nodes that contain the config properties > - only configs that are available through ConfigurationAdmin should be > available > - the HTTP urls should have friendly names > - (Optional) the implementation should be general enough to be used for other > configs other than replication if needed > For example: a configuration with name publish for > org.apache.sling.replication.agent.impl.ReplicationAgentServiceFactory > should be mapped to /etc/replication/agent/publish > Problems with current implementation of JCR nodes created by JCR installed: > - Configuration files are read and created from /apps/.../config or > /libs/.../config, and there is no easy way to determine which are active in > the ConfigurationAdmin > - There is no way to restrict a repository path to create only configuration > from a specified factory (making it unusable with relaxed ACLs) > - The url of a configuration is unfriendly (it contains the fully qualified > name of the factory) > - The node types are not homogenous making it hard to use in a client > application (some are nt:file, some are sling:OsgiConfig) -- This message was sent by Atlassian JIRA (v6.1.5#6160)