[SECURITY-71] Consider backwards compatibility with ACLs defined in JCR roles and users
Created: 27/Oct/23
Updated: 29/Nov/23

Status: Open
Project: Security
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Neutral
Reporter: Mikaël Geljić
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: parked
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: Sane Default Roles & Groups

Description

As 6.3 aims to support permissions/ACLs via MP config, consider backwards compatibility needs:

  • Delegation: chain evaluation of JCR ACLs behind MP permissions (delegate to the current UriSecurityFilter and similar); this supports gradual migration for projects.
  • Or MP security for new projects only: rely on one MicroProfile config property (or absence thereof) to either enable the new security evaluation alone or disable it completely; this would eventually require an all-at-once migration for projects.

Additional note: even if customers don't strictly need to update, the old ways will be perceived as legacy/deprecated, and customers generally want to stay up to date. So let's facilitate porting, minimize the overhead, look at auto-conversion possibilities, etc.

