You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2014/04/04 11:08:08 UTC
[jira] [Closed] (SLING-3482) Synthetic resources should lead to a
404
[ https://issues.apache.org/jira/browse/SLING-3482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler closed SLING-3482.
-----------------------------------
> Synthetic resources should lead to a 404
> ----------------------------------------
>
> Key: SLING-3482
> URL: https://issues.apache.org/jira/browse/SLING-3482
> Project: Sling
> Issue Type: Bug
> Components: ResourceResolver
> Affects Versions: Resource Resolver 1.0.6
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: Resource Resolver 1.1.0
>
>
> If e.g. /libs is requested by a user who does not have access to /libs, a synthetic resource for libs is returned which is then rendered.
> This is due to the special handling for servlet resources which are mounted at /libs/....
> I think the code in ResourceProviderEntry#getInternalResource is too generic:
> if (entries.size() > 0 && entries.size() == elements.length) {
> if (entries.get(entries.size() - 1).getResourceProviders().length == 0) {
> logger.debug("Resolved Synthetic {}", fullPath);
> return new SyntheticResource(resourceResolver, fullPath, ResourceProvider.RESOURCE_TYPE_SYNTHETIC);
> }
> }
> However, fixing this might break other parts like the servlet resolver relying on it
--
This message was sent by Atlassian JIRA
(v6.2#6252)