Posted to commits@sling.apache.org by fm...@apache.org on 2008/03/12 13:15:12 UTC

svn commit: r636294 - /incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java

Author: fmeschbe
Date: Wed Mar 12 05:15:10 2008
New Revision: 636294

URL: http://svn.apache.org/viewvc?rev=636294&view=rev
Log:
SLING-319 Don't treat initial resource load special any more and send 403/FORBIDDEN
on any occurrence of an AccessControlException

Modified:
    incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java

Modified: incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java?rev=636294&r1=636293&r2=636294&view=diff
==============================================================================
--- incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java (original)
+++ incubator/sling/trunk/sling/core/src/main/java/org/apache/sling/core/impl/SlingMainServlet.java Wed Mar 12 05:15:10 2008
@@ -262,28 +262,9 @@
             }
 
             // initialize the request data - resolve resource and servlet
-            Resource resource = null;
-            try {
-                ResourceResolver resolver = getResourceResolverFactory().getResourceResolver(
-                    session);
-                resource = requestData.initResource(resolver);
-            } catch (AccessControlException ace) {
-                // SLING-309
-                // if this is the anonymous user, send request to authenticate
-                if ( request.getAttribute(HttpContext.AUTHENTICATION_TYPE) == null ) {
-                    getSlingAuthenticator().requestAuthentication(request, response);
-                    return;
-                }
-
-                // if this is not the anonymous user, send 404
-                // try to request authentication fail, if not possible
-                log.info(
-                    "service: Authenticated user {} does not have enough rights to executed requested action",
-                    request.getRemoteUser());
-                getErrorHandler().handleError(HttpServletResponse.SC_NOT_FOUND,
-                        null, request, response);
-                return;
-            }
+            ResourceResolver resolver = getResourceResolverFactory().getResourceResolver(
+                session);
+            Resource resource = requestData.initResource(resolver);
             requestData.initServlet(resource);
 
             Filter[] filters = requestFilterChain.getFilters();
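Review bot: With the inner try/catch gone, an AccessControlException thrown by `requestData.initResource(resolver)` for an anonymous request no longer reaches `getSlingAuthenticator().requestAuthentication(request, response)`. It falls through to the outer handler shown in the second hunk, which answers 403 and logs "Authenticated user {}" with a `getRemoteUser()` value that is presumably null for such a request. If the goal is only to stop special-casing the initial load, the unauthenticated check could move into that outer catch, ahead of the `SC_FORBIDDEN` call, so every denial is handled the same way: `if (request.getAttribute(HttpContext.AUTHENTICATION_TYPE) == null) { getSlingAuthenticator().requestAuthentication(request, response); return; }`. Answering 403 instead of 404 also lets a caller tell a protected path from a missing one, so the handler deserves a comment saying this disclosure is accepted. The enclosing method starts and ends outside the hunk.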
@@ -325,12 +306,12 @@
 
         } catch (AccessControlException ace) {
 
-            // SLING-309 if anything goes wrong, send 404
+            // SLING-319 if anything goes wrong, send 403/FORBIDDEN
             log.info(
                 "service: Authenticated user {} does not have enough rights to executed requested action",
                 request.getRemoteUser());
-            getErrorHandler().handleError(HttpServletResponse.SC_NOT_FOUND,
-                    null, request, response);
+            getErrorHandler().handleError(HttpServletResponse.SC_FORBIDDEN,
+                null, request, response);
 
         } catch (Throwable t) {