You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2023/05/04 09:25:00 UTC

[jira] [Resolved] (SLING-3333) Avoid mounting Sling servlets on paths, prefer resource types

     [ https://issues.apache.org/jira/browse/SLING-3333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler resolved SLING-3333.
-------------------------------------
    Resolution: Won't Fix

> Avoid mounting Sling servlets on paths, prefer resource types
> -------------------------------------------------------------
>
>                 Key: SLING-3333
>                 URL: https://issues.apache.org/jira/browse/SLING-3333
>             Project: Sling
>          Issue Type: Improvement
>          Components: Best practices
>            Reporter: Bertrand Delacretaz
>            Priority: Major
>
> As mentioned at http://sling.apache.org/documentation/the-sling-engine/servlets.html, mounting a servlet on a resource type can be done for most servlets that are mounted on paths using the sling.servlet.paths service property, and in most cases mounting on a resource type is preferable.
> Mounting a Sling servlet on a path does not allow one to setup fine-grained access control. There's no way to prevent some users from accessing the servlet if any users have access to it.
> The way to avoid this is to mount the servlet on a specific Sling resource type, and create resources that point to it by their sling:resourceType property. You can then set access control on those nodes as required.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)