You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2014/04/04 11:08:08 UTC

[jira] [Closed] (SLING-3482) Synthetic resources should lead to a 404

     [ https://issues.apache.org/jira/browse/SLING-3482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler closed SLING-3482.
-----------------------------------


> Synthetic resources should lead to a 404
> ----------------------------------------
>
>                 Key: SLING-3482
>                 URL: https://issues.apache.org/jira/browse/SLING-3482
>             Project: Sling
>          Issue Type: Bug
>          Components: ResourceResolver
>    Affects Versions: Resource Resolver 1.0.6
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>             Fix For: Resource Resolver 1.1.0
>
>
> If e.g. /libs is requested by a user who does not have access to /libs, a synthetic resource for libs is returned which is then rendered.
> This is due to the special handling for servlet resources which are mounted at /libs/....
> I think the code in ResourceProviderEntry#getInternalResource is too generic:
>             if (entries.size() > 0 && entries.size() == elements.length) {
>                 if (entries.get(entries.size() - 1).getResourceProviders().length == 0) {
>                     logger.debug("Resolved Synthetic {}", fullPath);
>                     return new SyntheticResource(resourceResolver, fullPath, ResourceProvider.RESOURCE_TYPE_SYNTHETIC);
>                 }
>             }
> However, fixing this might break other parts like the servlet resolver relying on it



--
This message was sent by Atlassian JIRA
(v6.2#6252)