You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Konrad Windszus (JIRA)" <ji...@apache.org> on 2017/03/24 10:39:41 UTC
[jira] [Commented] (SLING-6703) Sling Post Servlet: Do not hide
original exception in AbstractPostResponse.setError
[ https://issues.apache.org/jira/browse/SLING-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15940136#comment-15940136 ]
Konrad Windszus commented on SLING-6703:
----------------------------------------
I did not some more test and could not see any repository internals being exposed through exceptions for user's without the appropriate privileges. If that would be the case, it would need to be fixed in the underlying resource resolver then, because the Sling POST Servlet takes the current request resource resolver for all operation.
Therefore I reverted the fix from SLING-4415 in [r1788402|https://svn.apache.org/r1788402].
> Sling Post Servlet: Do not hide original exception in AbstractPostResponse.setError
> -----------------------------------------------------------------------------------
>
> Key: SLING-6703
> URL: https://issues.apache.org/jira/browse/SLING-6703
> Project: Sling
> Issue Type: Improvement
> Components: Servlets
> Affects Versions: Servlets Post 2.3.14
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Fix For: Servlets Post 2.3.16
>
>
> Currently {{AbstractPostResponse.setError}} (https://github.com/apache/sling/blob/4df9ab2d6592422889c71fa13afd453a10a5a626/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java#L221) always ignores the given {{Throwable}} and just creates a new generic {{SlingException}}.
> To e.g. allow {{SlingPostProcessor}} to throw meaningful exceptions which occur in the response body, the given exception should not be wrapped but just the given throwable's message text should be given out in the document.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)