Comments (4)
So, it was intentional to remove the ability for even the admin user (not an adminstrator, but the admin account itself) from being able to access when the groups are empty? That isn't security, IMO.
If you are blocking the admin user (aka the one who can do anything on the server, regardless how it is restricted by permissions) then you are removing an avenue to allow only the admin access without creating a special group for the admin account.
That sounds overkill to me. The admin, in every other case within AEM, can do anything, and has special privileges to access anything. even within jackrabbit itself (examples 1 and 2).
Ostensibly, the groovy console is the only important/useful thing this add-on installs. Forcing a user (who has admin privileges to install it in the first place) to go through such a boilerplate hoop to get it working OOTB is silly.
Please note; I am not advocating for the removal of the configuration that secures it, and leaving the default false
for all other users (aka not the admin) makes perfect sense. All I am advocating is "secure by default, which means only the admin can do it without configuration".
from aem-groovy-console.
Additional note:
If you decide to not change the behavior of the console, then you may want to at least consider documenting the fact that is is entirely unusable unless at least one group name is set in the config.
from aem-groovy-console.
Hi, this change was intentional to make the tool secure by default.
from aem-groovy-console.
Agreed, thanks for your input on this.
from aem-groovy-console.
Related Issues (20)
- Groovy console does not execute scripts with admin user HOT 3
- Groovy console 14.0 exception in AEM 6.5.3
- Please update jQuery and Moment frontend dependencies HOT 7
- Version 15.1.0 does not run on AEM 6.4.5 HOT 2
- Released artifacts not available 16.0.0 HOT 2
- ClassNotFound: ScriptContext
- 14.0.0 : 'Save' and 'Open' buttons are missing on Publish Instance HOT 2
- Not working with Java 11 HOT 1
- aem-groovy-console bundle status is in installed state rather than active, HOT 1
- Make compatible with AEMaaCS HOT 1
- Improvements for long-running scripts HOT 1
- No buttons appear on Console
- How to install? Where do you put the downloaded zip? HOT 1
- groovyConsole: email option not working on cloud
- Table rendering breaks on subsequent runs
- Update readme to point to new maintained AEM groovy console
- NoClassDef Found Error when running a script with recurse
- Request agnostic groovy console service script execution HOT 2
- Subpackage / OakPAL validation error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aem-groovy-console.