You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Eric Norman (JIRA)" <ji...@apache.org> on 2018/08/08 18:06:00 UTC
[jira] [Resolved] (SLING-7816) The GetAclServlet and
GetEffectiveAclServlet components should be only mapped to the json
extension
[ https://issues.apache.org/jira/browse/SLING-7816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman resolved SLING-7816.
--------------------------------
Resolution: Fixed
Resolved with: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/commit/dd9f3e19d8060608c2e28f3bb83d699d4a170305
> The GetAclServlet and GetEffectiveAclServlet components should be only mapped to the json extension
> ---------------------------------------------------------------------------------------------------
>
> Key: SLING-7816
> URL: https://issues.apache.org/jira/browse/SLING-7816
> Project: Sling
> Issue Type: Bug
> Affects Versions: JCR Jackrabbit Access Manager 3.0.0
> Reporter: Eric Norman
> Priority: Major
> Fix For: JCR Jackrabbit Access Manager 3.0.2
>
>
> The GetAclServlet and GetEffectiveAclServlet are missing the "sling.servlet.extensions=json" property which means that those servlets may get unintentionally mapped to other (non-json) file extensions.
> This defect can prevent the developer from providing a custom libs/sling/servlet/default/acl.html script to provide an HTML view of the acl of a JCR node.
> For example, without the missing "sling.servlet.extensions=json" property, a request to /node.acl.html may return the json response instead of the expected response from the acl.html script.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)