[
https://issues.apache.org/jira/browse/SLING-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13937936#comment-13937936
]
Mike Müller commented on SLING-3435:
------------------------------------
Hi Marius
I just checked the code out again (fresh copy) and had no problems to run the
integration tests (after building the whole sling). But you're right, that the
session.save() is missing, which I included now (r
The tests completed anyway because the ResouceAccessGates for the tests do not
distinguish between logged in user or not by now.
Can you try to test it on your side with a fresh copy?
Why do you whink we should link the gates with the providers (pathwise)? In the
setup now, we just can combine anythink for the tests.
I also like to have also some weird combinations in the tests even if nobody
should configure his application like this, but to get a good test base
(because it's a security feature).
> ResourceAccessSecurity does not secure access for update operations
> -------------------------------------------------------------------
>
> Key: SLING-3435
> URL: https://issues.apache.org/jira/browse/SLING-3435
> Project: Sling
> Issue Type: New Feature
> Components: ResourceResolver
> Reporter: Marius Petria
> Assignee: Mike Müller
> Attachments: SLING-3435.1.patch, SLING-3435.2.patch, SLING-3435.patch
>
>
> ResourceAccessSecurity should use gates registered for update operations in
> order to secure access to modifiable value maps.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
