sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konrad Windszus <konra...@gmx.de>
Subject Re: [VOTE] Release Apache Sling Authentication Service 1.3.26
Date Wed, 10 May 2017 12:16:18 GMT
Hi Antonio,
Sorry for the confusion, I was wrongly assuming that you fixed my original concern without
checking further in the code.
But in fact there are still unexpected corner cases which cover the wrong nodes (see my last
comments in SLING-6053).

Not sure how to proceed here, but the previous mechanism of prefix path matching was at least
easy to describe, although kind of unexpected. Now the more sophisticated matching gives the
wrong certainty that you can now easily restrict authentication to certain resource paths
(and children) which is not the case because the mechanism still only relies on request paths
only (and not on resource paths).

The cleanest solution would be IMHO to involve the resource resolver there already, but I
haven't checked the implications.
Konrad


> On 10. May 2017, at 14:06, Antonio Sanso <asanso@adobe.com.INVALID> wrote:
> 
> hi Konrad,
> 
> I am confused now since you were in favor for it in the first place … https://issues.apache.org/jira/browse/SLING-6053?focusedCommentId=16000473&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16000473
> 
> regards
> 
> antonio
> 
> On May 10, 2017, at 11:21 AM, Konrad Windszus <konrad_w@gmx.de> wrote:
> 
>> Sorry for insisting on it, but I am still not 100% convinced the patch for SLING-6053
works correctly.
>> See my comment in https://issues.apache.org/jira/browse/SLING-6053?focusedCommentId=16004357&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16004357.
>> 
>> The general problem is that in Sling you cannot uniquely extract the resource path
from a given url (because resource names may contain "." as well).
>> Thanks,
>> Konrad
>> 
>>> On 10. May 2017, at 11:04, Antonio Sanso <asanso@adobe.com.INVALID> wrote:
>>> 
>>> Hi,
>>> 
>>> We solved 1 issue in this release:
>>> https://issues.apache.org/jira/browse/SLING-6053
>>> 
>>> Staging repository:
>>> https://repository.apache.org/content/repositories/orgapachesling-1716/
>>> 
>>> You can use this UNIX script to download the release and verify the signatures:
>>> http://svn.apache.org/repos/asf/sling/trunk/check_staged_release.sh
>>> 
>>> Usage:
>>> sh check_staged_release.sh 1716 /tmp/sling-staging
>>> 
>>> Please vote to approve this release:
>>> 
>>> [ ] +1 Approve the release
>>> [ ]  0 Don't care
>>> [ ] -1 Don't release, because ...
>>> 
>>> This majority vote is open for at least 72 hours.
>> 
> 


Mime
View raw message