You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Alexander Klimetschek (Commented) (JIRA)" <ji...@apache.org> on 2012/02/15 18:26:59 UTC

[jira] [Commented] (SLING-2136) Sling POST Servlet: Configuration of Allowed Paths

    [ https://issues.apache.org/jira/browse/SLING-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13208596#comment-13208596 ] 

Alexander Klimetschek commented on SLING-2136:
----------------------------------------------

@Justin: The paths are different in your integration test, explaining why they don't conflict:

- servlet registered under "/testing/PathsServletNodeServlet"
- content path created at "/testing/PathsServlet/foo"

The content path should be exactly the same ("/testing/PathsServletNodeServlet") to test the original described issue. I am quite sure that this is a problem.
                
> Sling POST Servlet: Configuration of Allowed Paths
> --------------------------------------------------
>
>                 Key: SLING-2136
>                 URL: https://issues.apache.org/jira/browse/SLING-2136
>             Project: Sling
>          Issue Type: Improvement
>          Components: Servlets
>    Affects Versions: Servlets Post 2.1.2
>            Reporter: Andrew Khoury
>         Attachments: post_servlet_filter-1205238.patch
>
>
> It would be nice if you could configure rules or regular expressions for paths the sling post servlet is allowed to work under.  This would be good for both security reasons and for protecting against conflicts with other servlets.
> For example:
> Let's say you have a servlet ReplicationServlet registered to receive POST requests under path /bin/replicate.
> However, during startup, before the ReplicationServlet component has been enabled, a user tries to do a POST to /bin/replicate.  In this case, instead of executing the ReplicationServlet, the POST servlet is executed and it creates a node under /bin/replicate.  Now, as long as the node /bin/replicate exists... the ReplicationServlet will not be executed for requests to /bin/replicate.  This presents a problem and explains the necessity for this feature.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira