[ https://issues.apache.org/jira/browse/SLING-4749?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oliver Lietz resolved SLING-4749. --------------------------------- Resolution: Duplicate > Request using "sling:bg=true" causes StackOverflow when no read access to /var > ------------------------------------------------------------------------------ > > Key: SLING-4749 > URL: https://issues.apache.org/jira/browse/SLING-4749 > Project: Sling > Issue Type: Bug > Components: Extensions > Affects Versions: Background Servlet 1.0.0 > Reporter: Jörg Hoh > Assignee: Bertrand Delacretaz > > I have a system, where the anonymous user does not have read access to > /var/bg. When I do a call to it (for example: > http://localhost:4503/?sling:bg=true", it returns with a internal server > error. The log shows a stackoverflow exception, caused by > {code} > ... > at > org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54) > at > org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54) > ... > {code} > Looking at this line in the code I see a recursive call of deepCreateNode, > which is executed, when the item itself does not exist. Which is true from > the view of an anonymous session, which doesn't have read access to nodes > beneath /var. > The code should be improved, so it does either check with an admin session > that the path exists, but is simply not readable, or preferably add some > detection, that it has already reached "/" and that it doesn't make sense to > continue then. -- This message was sent by Atlassian JIRA (v6.3.4#6332)