Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-10466

Prevent anonymous user from being disabled

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Wish
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • core, security
    • None

    Description

      today all users except the admin can be disabled preventing it from login. however, this is not sensible for the anonymous user. if anonymous access should not be possible it is recommended to use the corresponding configuration option that doesn't install the anonymous user in the first place.

      for full backwards compatibility we should have consider placing this behind a configuration option such that consumers can opt out (and still disable the anonymous) if they really want.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            angela Angela Schreiber
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:

              Slack

                Issue deployment