[ https://issues.apache.org/jira/browse/OAK-2981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14589799#comment-14589799 ]
angela commented on OAK-2981: ----------------------------- my take is totally the opposite: you have to think about your permission setup upfront and design it. if you just look at a log you will end up just opening up permission blindly to make everything get green without designing it! this is asking for privilege escalations and is just the total opposite of what the security team tries to establish. so, my -1 still stands. consider this a veto. > Access control logging > ---------------------- > > Key: OAK-2981 > URL: https://issues.apache.org/jira/browse/OAK-2981 > Project: Jackrabbit Oak > Issue Type: New Feature > Components: core > Reporter: Alexander Klimetschek > Assignee: angela > Priority: Minor > > For debugging application behavior and designing ACLs it is useful to have a > logging of JCR operations and also see if access was granted or not. > I hacked a quick solution that gives this result: > {noformat} > 10.06.2015 15:29:43.658 [admin] ALLOWED > /jcr:system/rep:namespaces/rep:nsdata/http%3A%2F%2Fsling.apache.org%2Fjcr%2Fevent%2F1.0 > [read property] > 10.06.2015 15:29:43.658 [admin] ALLOWED > /var/eventing/jobs/assigned/862f413b-6f03-40a1-aa10-550af9970254 [read] > 10.06.2015 15:29:43.658 [admin] ALLOWED > /var/eventing/jobs/assigned/862f413b-6f03-40a1-aa10-550af9970254/jcr:primaryType > [read property] > 10.06.2015 15:30:10.484 [aklim...@adobe.com] DENIED > /libs/wcm/core/content/contentfinder [read] > 10.06.2015 15:25:12.421 [admin] ALLOWED > /var/classes/862f413b-6f03-40a1-aa10-550af9970254/sightly/1.0.2/apps/ccebasic/ui/commons/breadcrumbs/SightlyJava_breadcrumbs.java/jcr:content/jcr:content > [REMOVE_NODE,ADD_NODE] > {noformat} > See on my github fork: > https://github.com/alexkli/jackrabbit-oak/commit/f4ecf7ca6b7d8c7e1d6967d409be4045a634efe2 > Change against the 1.2 branch. [As patch > file|https://github.com/alexkli/jackrabbit-oak/commit/f4ecf7ca6b7d8c7e1d6967d409be4045a634efe2.patch]. -- This message was sent by Atlassian JIRA (v6.3.4#6332)