WSO2 Enterprise Store 1.0.0: access control


Assets on WSO2 ES are retrieved by a direct URL, without access control.

Despite not assigning permissions to anonymous users, once a user has the URL to an asset, everyone knowing that URL can download the resource.

Is there any plan to implement access control to assets?

There is 1 best solution below

This seems to be a bug, as the access rights are supposed to be checked before serving the resource. The list of allowed roles is specified in the configuration files found in the ext/config/ folder. An example of its usage can be found in /store/config/ext/gadget.json:

"storage": {
    "images_banner": {
        "lifecycle": {
            "created": ["private_{overview_provider}"],
            "in-review": ["reviewer", "private_{overview_provider}"],
            "published": ["Internal/everyone", "private_{overview_provider}", "reviewer", "anon"],
            "unpublished": ["private_{overview_provider}"]
        }
    },
    "images_thumbnail": {
        "lifecycle": {
            "created": ["private_{overview_provider}"],
            "in-review": ["reviewer", "private_{overview_provider}"],
            "published": ["Internal/everyone", "private_{overview_provider}", "reviewer", "anon"],
            "unpublished": ["private_{overview_provider}"]
        }
    }
}

I have logged a JIRA for this issue [1] and we will have it fixed in the next release.

[1] https://wso2.org/jira/browse/STORE-383

Thanks, Sameera
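
The role check the answer above describes, written out as an added example; it is not WSO2 Enterprise Store code. The functions `resolveRole` and `canServe`, the asset and user object shapes, filling `{overview_provider}` from the asset's attributes, and treating an unauthenticated request as holding only the `anon` role are assumptions.

```javascript
// Added example, not WSO2 code. Constructed config mirroring the "storage" block above.
const storageConfig = {
  images_thumbnail: {
    lifecycle: {
      "created": ["private_{overview_provider}"],
      "in-review": ["reviewer", "private_{overview_provider}"],
      "published": ["Internal/everyone", "private_{overview_provider}", "reviewer", "anon"],
      "unpublished": ["private_{overview_provider}"]
    }
  }
};

// Assumption: "{name}" placeholders are filled from the asset's attributes,
// e.g. {overview_provider} -> asset.attributes.overview_provider.
function resolveRole(template, attributes) {
  let missing = false;
  const role = template.replace(/\{(\w+)\}/g, (_, key) => {
    if (!Object.prototype.hasOwnProperty.call(attributes, key) || attributes[key] === "") {
      missing = true;
      return "";
    }
    return String(attributes[key]);
  });
  return missing ? null : role; // an unresolved placeholder never matches any role
}

// Deny by default: unknown field or unknown lifecycle state -> false.
// Assumption: an unauthenticated request (user === null) carries only the "anon" role.
function canServe(config, field, asset, user) {
  const fieldCfg = Object.prototype.hasOwnProperty.call(config, field) ? config[field] : null;
  const states = fieldCfg && fieldCfg.lifecycle;
  if (!states || !Object.prototype.hasOwnProperty.call(states, asset.lifecycleState)) return false;
  const userRoles = new Set(user ? user.roles : ["anon"]);
  return states[asset.lifecycleState]
    .map((template) => resolveRole(template, asset.attributes))
    .some((role) => role !== null && userRoles.has(role));
}

// Constructed sample asset and users.
const asset = { lifecycleState: "created", attributes: { overview_provider: "alice" } };
const alice = { roles: ["Internal/everyone", "private_alice"] };
const bob = { roles: ["Internal/everyone", "private_bob"] };
console.log("provider:", canServe(storageConfig, "images_thumbnail", asset, alice));
console.log("anonymous:", canServe(storageConfig, "images_thumbnail", asset, null));
```

Calling a check like this in the handler that serves the file, rather than only when links are rendered, is what keeps a known direct URL from bypassing the role lists.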