You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2023/04/13 05:06:00 UTC

[jira] [Resolved] (SLING-2136) Sling POST Servlet: Configuration of Allowed Paths

     [ https://issues.apache.org/jira/browse/SLING-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler resolved SLING-2136.
-------------------------------------
    Resolution: Won't Fix

> Sling POST Servlet: Configuration of Allowed Paths
> --------------------------------------------------
>
>                 Key: SLING-2136
>                 URL: https://issues.apache.org/jira/browse/SLING-2136
>             Project: Sling
>          Issue Type: Improvement
>          Components: Servlets
>    Affects Versions: Servlets Post 2.1.2
>            Reporter: Andrew Khoury
>            Priority: Major
>         Attachments: post_servlet_filter-1205238.patch
>
>
> It would be nice if you could configure rules or regular expressions for paths the sling post servlet is allowed to work under.  This would be good for both security reasons and for protecting against conflicts with other servlets.
> For example:
> Let's say you have a servlet ReplicationServlet registered to receive POST requests under path /bin/replicate.
> However, during startup, before the ReplicationServlet component has been enabled, a user tries to do a POST to /bin/replicate.  In this case, instead of executing the ReplicationServlet, the POST servlet is executed and it creates a node under /bin/replicate.  Now, as long as the node /bin/replicate exists... the ReplicationServlet will not be executed for requests to /bin/replicate.  This presents a problem and explains the necessity for this feature.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)