sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Norman (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (SLING-7816) The GetAclServlet and GetEffectiveAclServlet components should be only mapped to the json extension
Date Wed, 08 Aug 2018 18:06:00 GMT

     [ https://issues.apache.org/jira/browse/SLING-7816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Eric Norman resolved SLING-7816.
--------------------------------
    Resolution: Fixed

Resolved with: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/commit/dd9f3e19d8060608c2e28f3bb83d699d4a170305

> The GetAclServlet and GetEffectiveAclServlet components should be only mapped to the
json extension
> ---------------------------------------------------------------------------------------------------
>
>                 Key: SLING-7816
>                 URL: https://issues.apache.org/jira/browse/SLING-7816
>             Project: Sling
>          Issue Type: Bug
>    Affects Versions: JCR Jackrabbit Access Manager 3.0.0
>            Reporter: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.0.2
>
>
> The GetAclServlet and GetEffectiveAclServlet are missing the "sling.servlet.extensions=json"
property which means that those servlets may get unintentionally mapped to other (non-json)
file extensions.
> This defect can prevent the developer from providing a custom libs/sling/servlet/default/acl.html
script to provide an HTML view of the acl of a JCR node.
> For example, without the missing "sling.servlet.extensions=json" property, a request
to /node.acl.html may return the json response instead of the expected response from the
acl.html script.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message