kwin commented on code in PR #2300:
URL: https://github.com/apache/jackrabbit-oak/pull/2300#discussion_r2166672433
##########
oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java:
##########
@@ -62,13 +64,13 @@ public Boolean perform() {
public void checkPermissions(@NotNull String oakPath, @NotNull String
actions) throws RepositoryException {
if (!hasPermissions(oakPath, actions)) {
- throw new AccessDeniedException("Access denied.");
+ throw new AccessDeniedException(String.format(Locale.ROOT, "Access
denied at path '%s'", oakPath));
Review Comment:
Why don't we include actions/permissions (and potentially also used
principal names)? I don't think this exposes anything security relevant.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: oak-dev-unsubscr...@jackrabbit.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
