[NXP-11617] Apply security policies not just for NXQL (CMISQL) - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.6
Fix Version/s: 5.6.0-HF21, 5.7.2
Component/s: CMIS, Query & PageProvider, Security / Rights

Impact type:

API change
Upgrade notes:
Hide

New APIs that must be implemented in order for CMIS queries to be executed with nontrivial security policies:

SecurityPolicy.isExpressibleInQuery(String repositoryName, String queryLanguage) -> boolean

SecurityPolicy.getQueryTransformer(String repositoryName, String queryLanguage) -> QueryTransformer

QueryTransformer.transform(Principal principal, String query) -> String
Show
New APIs that must be implemented in order for CMIS queries to be executed with nontrivial security policies: SecurityPolicy.isExpressibleInQuery(String repositoryName, String queryLanguage) -> boolean SecurityPolicy.getQueryTransformer(String repositoryName, String queryLanguage) -> QueryTransformer QueryTransformer.transform(Principal principal, String query) -> String

Description

The CMISQLQueryMaker does not currently apply security policy query transformers. This is a security hole that allows CMIS clients to retrieve documents they should be prevented from accessing.

Currently, the Security Policy Query Transformers only support NXQL. They should be enhanced to also support CMISQL. In addition, the CMISQLQueryMaker must be enhanced to apply these new CMISQL Security Policy Query Transformers.

WORKAROUND: Until this issue is resolved, the CMIS endpoints should be deactivated for projects that use security policies.

Attachments

Issue Links

is required by

NXP-14979 Implement CMISQL on top of NXQL

Resolved

Activity

People

Assignee:

Florent Guillaume

Reporter:

Ronald Gavlin

Participants:

Florent Guillaume, Jenkins, Ronald Gavlin

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2013-05-28 11:29

Updated:

2014-08-20 13:39

Resolved:

2013-07-19 13:54