I added an issue for this and an implementation of the missing functionality.
Marius

[1] https://issues.apache.org/jira/browse/SLING-3435

> -----Original Message-----
> From: Marius Petria [mailto:mpet...@adobe.com]
> Sent: Wednesday, March 05, 2014 4:00 PM
> To: dev@sling.apache.org
> Subject: RE: ResourceAccessSecurity for ModifiableValueMaps is not yet supported
>
> Hi,
>
> It is true that a wrapper is returned for read operations. However it seems
> that the support for updates is not done (see [1] and [2]).
>
> There are two things that need to be fixed:
> 1. the ResourceAccessSecurityImpl.getReadableResource should return a
>    resourcewrapper whenever the resource is adaptable to ModifiableMap
> 2. the resource wrapper should actually do the access checks as it currently
>    does nothing
>
> Marius
>
> [1] https://github.com/apache/sling/search?q=AccessGateResourceWrapper
> [2] https://github.com/apache/sling/blob/f0b16cd1215f8492bd54a608945bebf7ef4b3f9c/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java#L103
>
> > -----Original Message-----
> > From: Carsten Ziegeler [mailto:cziege...@apache.org]
> > Sent: Wednesday, March 05, 2014 2:48 PM
> > To: dev@sling.apache.org
> > Subject: Re: ResourceAccessSecurity for ModifiableValueMaps is not yet supported
> >
> > I think the idea of the implementation is, that the
> > ResourceAccessSecurity returns a resource wrapper for the resource
> > which overwrites adaptTo and then returns a wrapped map for the checks.
> >
> > But Mike probably knows more about it
> >
> > Carsten
> >
> > 2014-03-05 11:47 GMT+01:00 Marius Petria <mpet...@adobe.com>:
> >
> > > Hi,
> > >
> > > I am trying to secure access to a ModifiableResourceProvider using a
> > > ResourceAccessSecurityGate. Typically a modifiable resource holds a
> > > reference to its provider and calls it whenever a value is changed
> > > (see [1]). However this pattern goes around the
> > > ResourceAccessSecurity checks which are done in the ProviderHandler
> > > (see [2]).
> > >
> > > How should we support ModifiableResources for ResourceAccessSecurity
> > > checks? Ultimately I think we might need to expose an api for
> > > sending changes to a resourceprovider and have a utility wrapper
> > > (like the ProviderHandler) that enforces security on all methods.
> > >
> > > Marius
> > >
> > > [1] https://github.com/apache/sling/blob/62b1ff1f8dcc9c4060b9f025ff915abb9779780c/contrib/extensions/mongodb/src/main/java/org/apache/sling/mongodb/impl/ChangeableValueMap.java
> > >
> > > [2] https://github.com/apache/sling/blob/838ec33748f6cb5eb21d9dd0d8106adecc001f97/bundles/resourceresolver/src/main/java/org/apache/sling/resourceresolver/impl/tree/ProviderHandler.java
> >
> > --
> > Carsten Ziegeler
> > cziege...@apache.org
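
The wrapped-map approach discussed in this thread, as an added example that is not part of the original messages and is not Sling code: a map that checks a gate before any write reaches the provider's own map. `ValueGate` and `GatedValueMap` are hypothetical stand-ins built on plain JDK types (no Sling API), and the sample data and policy are constructed.

```java
import java.util.*;

public class GatedValueMapDemo {
    /** Hypothetical stand-in for the per-value decisions an access gate makes. */
    interface ValueGate {
        boolean canUpdateValue(String resourcePath, String name);
        boolean canDeleteValue(String resourcePath, String name);
    }

    /** Map a resource wrapper's adaptTo() would hand out instead of the provider's own map. */
    static final class GatedValueMap extends AbstractMap<String, Object> {
        private final String path;
        private final Map<String, Object> providerMap; // writes through to the provider
        private final ValueGate gate;
        GatedValueMap(String path, Map<String, Object> providerMap, ValueGate gate) {
            this.path = path; this.providerMap = providerMap; this.gate = gate;
        }
        @Override public Object put(String name, Object value) {
            if (!gate.canUpdateValue(path, name))
                throw new SecurityException("update denied: " + path + "/" + name);
            return providerMap.put(name, value);
        }

        @Override public Object remove(Object name) {
            if (!gate.canDeleteValue(path, String.valueOf(name)))
                throw new SecurityException("delete denied: " + path + "/" + name);
            return providerMap.remove(name);
        }

        // Read-only view: blocks Iterator.remove(), Entry.setValue() and clear(),
        // which would otherwise reach the provider without passing the gate.
        @Override public Set<Entry<String, Object>> entrySet() {
            return Collections.unmodifiableMap(providerMap).entrySet();
        }
    }

    public static void main(String[] args) {
        Map<String, Object> backing = new HashMap<>(Map.of("title", "a", "owner", "b")); // constructed data
        ValueGate gate = new ValueGate() { // constructed policy: only "title" may be updated
            public boolean canUpdateValue(String p, String n) { return n.equals("title"); }
            public boolean canDeleteValue(String p, String n) { return false; }
        };
        Map<String, Object> map = new GatedValueMap("/content/doc", backing, gate);
        map.put("title", "new"); // allowed, written through to the backing map
        try { map.put("owner", "x"); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        try { map.clear(); } catch (RuntimeException e) { System.out.println("clear blocked"); }
        System.out.println(backing);
    }
}
```

Because `putAll` in `AbstractMap` calls `put` per entry, bulk writes pass through the same gate check; the read-only `entrySet` closes the remaining mutation paths.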