[jira] [Updated] (SLING-2136) Sling POST Servlet: Configuration of Allowed Paths

["Tobias Bocanegra (Updated) (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/SLING-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tobias Bocanegra updated SLING-2136:
------------------------------------

    Attachment: post_servlet_filter-1205238.patch

Patch that introduces a new configuration for a simple
allow/deny path filter list.
                
> Sling POST Servlet: Configuration of Allowed Paths
> --------------------------------------------------
>
>                 Key: SLING-2136
>                 URL: https://issues.apache.org/jira/browse/SLING-2136
>             Project: Sling
>          Issue Type: Improvement
>          Components: Servlets
>    Affects Versions: Servlets Post 2.1.2
>            Reporter: Andrew Khoury
>         Attachments: post_servlet_filter-1205238.patch
>
>
> It would be nice if you could configure rules or regular expressions for paths the sling post servlet is allowed to work under.  This would be good for both security reasons and for protecting against conflicts with other servlets.
> For example:
> Let's say you have a servlet ReplicationServlet registered to receive POST requests under path /bin/replicate.
> However, during startup, before the ReplicationServlet component has been enabled, a user tries to do a POST to /bin/replicate.  In this case, instead of executing the ReplicationServlet, the POST servlet is executed and it creates a node under /bin/replicate.  Now, as long as the node /bin/replicate exists... the ReplicationServlet will not be executed for requests to /bin/replicate.  This presents a problem and explains the necessity for this feature.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira