It works. Of course *.eacl.json produces a 404 for anonymous after denying readAccessControl to the root node! Thanks for the hint, Eric!

On 17.09.12 02:40, Eric Norman wrote:
Instead of denying rights to the everyone group, deny rights to the
anonymous principal instead.  Like this:

curl -FprincipalId=anonymous -Fprivilege@jcr:readAccessControl=denied http://admin:admin@localhost:8080/.modifyAce.html

Regards,
Eric

On Sun, Sep 16, 2012 at 11:40 AM, Sandro Boehme <[email protected]> wrote:

Hello,

when logged in as anonymous I can see all users, groups and acls with the
following URLs:
http://localhost:8080/index.html.eacl.json
http://localhost:8080/system/userManager/user.tidy.infinity.json
http://localhost:8080/system/userManager/group.tidy.1.json
http://localhost:8080/system/userManager/user/admin.tidy.1.json

I tried to avoid that by denying jcr:readAccessControl to the root node
with the following statement.
curl -FprincipalId=everyone -Fprivilege@jcr:readAccessControl=denied http://admin:admin@localhost:8080/.modifyAce.html
The response was an HTTP 200 status but I can still see the information as
anonymous. Is there a way to avoid that?

Best,

Sandro
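
Added example, not part of the original thread: a shell check that re-requests the four URLs from the report without credentials after an ACE change and flags any that still answer 200. The function names, the BASE_URL and RUN_AUDIT variables, and the treatment of 401/403 as blocked are assumptions of this example; the thread itself only reports a 404 for *.eacl.json.

```shell
#!/bin/sh
# Added example: re-check, as anonymous, the URLs listed in the thread.
BASE_URL="${BASE_URL:-http://localhost:8080}"   # instance address used in the thread

# Paths copied from the original report.
PATHS="/index.html.eacl.json
/system/userManager/user.tidy.infinity.json
/system/userManager/group.tidy.1.json
/system/userManager/user/admin.tidy.1.json"

# Map the HTTP status seen by an unauthenticated client to a verdict.
verdict() {
    case "$1" in
        200)         echo EXPOSED ;;      # content is served to anonymous
        401|403|404) echo BLOCKED ;;      # assumption: any of these counts as denied
        000)         echo UNREACHABLE ;;  # curl could not connect
        *)           echo REVIEW ;;       # redirects, 5xx: inspect by hand
    esac
}

# Fetch one path with no credentials and print only the status code.
anon_status() {
    curl -s -o /dev/null --max-time 5 -w '%{http_code}' "$BASE_URL$1"
}

# Read "path status" lines on stdin, print one verdict per line,
# and return non-zero if any path is still EXPOSED.
report() {
    rc=0
    while read -r upath status; do
        v=$(verdict "$status")
        printf '%-12s %s %s\n' "$v" "$status" "$upath"
        if [ "$v" = EXPOSED ]; then rc=1; fi
    done
    return $rc
}

# Live check: probe every path anonymously and feed the results to report().
audit() {
    for p in $PATHS; do
        printf '%s %s\n' "$p" "$(anon_status "$p")"
    done | report
}

# The live audit runs only when requested: RUN_AUDIT=1 sh check.sh
if [ "${RUN_AUDIT:-0}" = 1 ]; then audit; fi
```

Run it once before and once after the .modifyAce.html request; a non-zero exit status means at least one of the listed URLs is still readable by anonymous.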


