sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konrad Windszus (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
Date Wed, 10 May 2017 11:22:04 GMT

    [ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16004498#comment-16004498
] 

Konrad Windszus commented on SLING-6053:
----------------------------------------

But {{isNodeRequiresAuthHandler("/resource1.test.html", "/resource1")}} returns true

> SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
> ------------------------------------------------------------------------
>
>                 Key: SLING-6053
>                 URL: https://issues.apache.org/jira/browse/SLING-6053
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.3.18
>            Reporter: Miklos Csere
>            Assignee: Antonio Sanso
>            Priority: Blocker
>             Fix For: Auth Core 1.3.26
>
>         Attachments: SLING-6053-patch.txt
>
>
> Issue can be reproduced with the following steps:
>     Create node "/page" 
>     Create sibling node "/page1"
>     Define a protection handler for node: "/page"
> Expected: 
>             "/page" has AuthenticationInfo
>              "/page1" does not have AuthenticationInfo (has anonymous)
>   
> Actual:  "/page" & "page1" are both having AuthenticationInfo
>      
> Reason: SlingAuthenticator.java line 726:  if (path.startsWith(holder.path)) Warning:
The same check is used in 4 more places in code with similar behaviour.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message