[ https://issues.apache.org/jira/browse/SLING-3352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13911552#comment-13911552 ]

Tommaso Teofili commented on SLING-3352:
----------------------------------------

bq. OTOH, you can already POST to the felix web console (using admin 
credentials) to change configurations, so the added benefit is not so clear.

As Marius said, the problem we're trying to address is more fine-grained access 
than just "admin can do anything".

bq. In any way, it's a very sensible topic, as any oversight easily makes 
configuration accessible to attackers...

but we assume that things work with a correct setup, do we? :)

> Expose OSGI configuration via HTTP
> ----------------------------------
>
>                 Key: SLING-3352
>                 URL: https://issues.apache.org/jira/browse/SLING-3352
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Marius Petria
>            Assignee: Carsten Ziegeler
>              Labels: replication
>         Attachments: SLING-3352.1.patch, SLING-3352.2.patch, SLING-3352.patch
>
>
> We need a safe way to expose OSGI configuration via HTTP.
> Requirements:
> - all configs for a certain factory should be manageable
> - they should have associated JCR nodes that contain the config properties
> - only configs that are available through ConfigurationAdmin should be 
> available
> - the HTTP urls should have friendly names
> - (Optional) the implementation should be general enough to be used for 
> configs other than replication if needed
> For example: a configuration with name publish for 
> org.apache.sling.replication.agent.impl.ReplicationAgentServiceFactory
> should be mapped to /etc/replication/agent/publish
> Problems with the current implementation of JCR nodes created by the JCR installer:
> - Configuration files are read and created from /apps/.../config or 
> /libs/.../config, and there is no easy way to determine which are active in 
> the ConfigurationAdmin
> - There is no way to restrict a repository path to create only configuration 
> from a specified factory (making it unusable with relaxed ACLs)
> - The url of a configuration is unfriendly (it contains the fully qualified 
> name of the factory)
> - The node types are not homogeneous, making it hard to use in a client 
> application (some are nt:file, some are sling:OsgiConfig)



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)