[jira] [Created] (SLING-10094) Update embedded version of xalan
Antonio Sanso created SLING-10094: - Summary: Update embedded version of xalan Key: SLING-10094 URL: https://issues.apache.org/jira/browse/SLING-10094 Project: Sling Issue Type: Task Components: XSS Protection API Reporter: Antonio Sanso org.apache.sling.xss 2.2.2 and above still embed Xalan 2.7.0. It would be beneficial to use the most recent version of Xalan: 2.7.2 or above -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (SLING-9418) Usage of SHA-256 is insecure
[ https://issues.apache.org/jira/browse/SLING-9418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17101654#comment-17101654 ] Antonio Sanso commented on SLING-9418: -- [~mahir.kabir] I resolved as invalid. Feel free to reopen should you not agree. Your comments apply to hashing a password and this is not the case here. > Usage of SHA-256 is insecure > > > Key: SLING-9418 > URL: https://issues.apache.org/jira/browse/SLING-9418 > Project: Sling > Issue Type: Improvement >Reporter: Md Mahir Asef Kabir >Priority: Major > > *Vulnerability Description:* In > “src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java” > file the following code was written in > {code:java} > private String hash(String toHash){code} > method - > {code:java} > MessageDigest m = MessageDigest.getInstance("SHA-256");{code} > The vulnerability is, using "SHA-256” as the argument to > MessageDigest.getInstance method. > *Reason it’s vulnerable:* According to > [this|https://securityboulevard.com/2019/07/insecure-default-password-hashing-in-cmss/], > “SHA256 functions do not include a salt and a separate function must be used > to add the salt”. Another reference can be found > [here|https://dusted.codes/sha-256-is-not-a-secure-password-hashing-algorithm]. > *Suggested Fix:* According to > [this|https://securityboulevard.com/2019/07/insecure-default-password-hashing-in-cmss/], > “The most secure current hash functions are BCRYPT, SCRYPT, and Argon2” > *Feedback:* Please select any of the options down below to help us get an > idea about how you felt about the suggestion - > # Liked it and will make the suggested changes > # Liked it but happy with the existing version > # Didn’t find the suggestion helpful > > *Note:* Tagging *[~stefanegli]* as suggested by [~rombert] in this [pull > request.|https://github.com/apache/sling-org-apache-sling-discovery-base/pull/1] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (SLING-9418) Usage of SHA-256 is insecure
[ https://issues.apache.org/jira/browse/SLING-9418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-9418. -- Resolution: Invalid > Usage of SHA-256 is insecure > > > Key: SLING-9418 > URL: https://issues.apache.org/jira/browse/SLING-9418 > Project: Sling > Issue Type: Improvement >Reporter: Md Mahir Asef Kabir >Priority: Major > > *Vulnerability Description:* In > “src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java” > file the following code was written in > {code:java} > private String hash(String toHash){code} > method - > {code:java} > MessageDigest m = MessageDigest.getInstance("SHA-256");{code} > The vulnerability is, using "SHA-256” as the argument to > MessageDigest.getInstance method. > *Reason it’s vulnerable:* According to > [this|https://securityboulevard.com/2019/07/insecure-default-password-hashing-in-cmss/], > “SHA256 functions do not include a salt and a separate function must be used > to add the salt”. Another reference can be found > [here|https://dusted.codes/sha-256-is-not-a-secure-password-hashing-algorithm]. > *Suggested Fix:* According to > [this|https://securityboulevard.com/2019/07/insecure-default-password-hashing-in-cmss/], > “The most secure current hash functions are BCRYPT, SCRYPT, and Argon2” > *Feedback:* Please select any of the options down below to help us get an > idea about how you felt about the suggestion - > # Liked it and will make the suggested changes > # Liked it but happy with the existing version > # Didn’t find the suggestion helpful > > *Note:* Tagging *[~stefanegli]* as suggested by [~rombert] in this [pull > request.|https://github.com/apache/sling-org-apache-sling-discovery-base/pull/1] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (SLING-9418) Usage of SHA-256 is insecure
[ https://issues.apache.org/jira/browse/SLING-9418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17101506#comment-17101506 ] Antonio Sanso commented on SLING-9418: -- [~stefanegli] I do not think the salt applies to this case. IMHO it is fine as it is. > Usage of SHA-256 is insecure > > > Key: SLING-9418 > URL: https://issues.apache.org/jira/browse/SLING-9418 > Project: Sling > Issue Type: Improvement >Reporter: Md Mahir Asef Kabir >Priority: Major > > *Vulnerability Description:* In > “src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java” > file the following code was written in > {code:java} > private String hash(String toHash){code} > method - > {code:java} > MessageDigest m = MessageDigest.getInstance("SHA-256");{code} > The vulnerability is, using "SHA-256” as the argument to > MessageDigest.getInstance method. > *Reason it’s vulnerable:* According to > [this|https://securityboulevard.com/2019/07/insecure-default-password-hashing-in-cmss/], > “SHA256 functions do not include a salt and a separate function must be used > to add the salt”. Another reference can be found > [here|https://dusted.codes/sha-256-is-not-a-secure-password-hashing-algorithm]. > *Suggested Fix:* According to > [this|https://securityboulevard.com/2019/07/insecure-default-password-hashing-in-cmss/], > “The most secure current hash functions are BCRYPT, SCRYPT, and Argon2” > *Feedback:* Please select any of the options down below to help us get an > idea about how you felt about the suggestion - > # Liked it and will make the suggested changes > # Liked it but happy with the existing version > # Didn’t find the suggestion helpful > > *Note:* Tagging *[~stefanegli]* as suggested by [~rombert] in this [pull > request.|https://github.com/apache/sling-org-apache-sling-discovery-base/pull/1] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (SLING-8838) Add HEAD support to ContentDispositionFilter
[ https://issues.apache.org/jira/browse/SLING-8838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012616#comment-17012616 ] Antonio Sanso commented on SLING-8838: -- [~rombert] I do not see why not... > Add HEAD support to ContentDispositionFilter > > > Key: SLING-8838 > URL: https://issues.apache.org/jira/browse/SLING-8838 > Project: Sling > Issue Type: New Feature > Components: Extensions >Affects Versions: Security 1.1.10 >Reporter: Ilyas Türkben >Priority: Major > > As per \(*) {{ContentDispositionFilter}} doesn't seem to support HEAD > requests. > It is handy to use curl with {{curl -I http://localhost/path}} in order to > retrieve only the response headers rather than the whole content, especially > with blobs. > * > https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L205 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (SLING-8775) java.lang.StackOverflowError in XSSAPI.getValidHref
[ https://issues.apache.org/jira/browse/SLING-8775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-8775: - Description: The regex pattern in XSSAPI.getValidHref may cause StackOverflowError . try 'xssAPI.getValidHref(String)' API throwing StackOverflowError. Input string param that has a length of '1700' or more. {code} Caused by: java.lang.StackOverflowError at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at 
java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3951) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at 
java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at
[jira] [Created] (SLING-8775) java.lang.StackOverflowError in XSSAPI.getValidHref
Antonio Sanso created SLING-8775: Summary: java.lang.StackOverflowError in XSSAPI.getValidHref Key: SLING-8775 URL: https://issues.apache.org/jira/browse/SLING-8775 Project: Sling Issue Type: Bug Components: XSS Protection API Reporter: Antonio Sanso The regex pattern in XSSAPI.getValidHref may cause StackOverflowError . Test case to follow {code} Caused by: java.lang.StackOverflowError at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at 
java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3951) at java.base/java.util.regex.Pattern$Branch.match(Pattern.java:4736) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at java.base/java.util.regex.Pattern$Loop.match(Pattern.java:4928) at 
java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$BranchConn.match(Pattern.java:4700) at java.base/java.util.regex.Pattern$GroupTail.match(Pattern.java:4850) at java.base/java.util.regex.Pattern$CharPropertyGreedy.match(Pattern.java:4293) at java.base/java.util.regex.Pattern$CharProperty.match(Pattern.java:3927) at java.base/java.util.regex.Pattern$GroupHead.match(Pattern.java:4791) at
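The failure mode reported in SLING-8775, with two guards a caller can put around such a check, as an added example that is not the Sling project's code. The pattern actually used by XSSAPI.getValidHref does not appear in these messages, so `HREF_LIKE` is a constructed stand-in, and `GuardedRegexCheck`, `MAX_INPUT_LENGTH` and `Result` are hypothetical names.

```java
import java.util.regex.Pattern;

public final class GuardedRegexCheck {

    /** Assumed cap for this sketch; size it to the longest legitimate value you expect. */
    static final int MAX_INPUT_LENGTH = 1024;

    /**
     * Constructed stand-in, NOT the pattern used by XSSAPI.getValidHref.
     * A repeated group that contains an alternation is matched by java.util.regex
     * through Pattern$Loop / Pattern$Branch / Pattern$GroupHead nodes that call each
     * other once per repetition, so stack depth grows with the input length.
     */
    static final Pattern HREF_LIKE =
            Pattern.compile("(?:[A-Za-z0-9/._~-]|%[0-9A-Fa-f]{2})*");

    enum Result { VALID, INVALID, REJECTED_TOO_LONG, REJECTED_STACK_OVERFLOW }

    static Result check(String input, int maxLength) {
        if (input == null) {
            return Result.INVALID;
        }
        // Guard 1: bound the recursion depth by bounding the input before matching.
        if (input.length() > maxLength) {
            return Result.REJECTED_TOO_LONG;
        }
        try {
            return HREF_LIKE.matcher(input).matches() ? Result.VALID : Result.INVALID;
        } catch (StackOverflowError e) {
            // Guard 2: fail closed. The Matcher is local and discarded here, so the
            // caller sees an invalid value instead of the request thread dying
            // with an Error.
            return Result.REJECTED_STACK_OVERFLOW;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String wellFormed = "/content/page.html%20x";
        String illFormed = "/content/<script>";
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 200_000; i++) {
            sb.append('a');
        }
        String oversized = sb.toString();

        System.out.println("well-formed            : " + check(wellFormed, MAX_INPUT_LENGTH));
        System.out.println("ill-formed             : " + check(illFormed, MAX_INPUT_LENGTH));
        System.out.println("oversized, cap applied : " + check(oversized, MAX_INPUT_LENGTH));
        // Cap disabled to show what the second guard is for. Whether the overflow
        // occurs depends on the thread's stack size (-Xss) and the JVM version.
        System.out.println("oversized, cap disabled: " + check(oversized, Integer.MAX_VALUE));
    }
}
```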
[jira] [Resolved] (SLING-8405) Improve Encoding in the Logger WebConsolePlugin
[ https://issues.apache.org/jira/browse/SLING-8405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-8405. -- Resolution: Invalid > Improve Encoding in the Logger WebConsolePlugin > > > Key: SLING-8405 > URL: https://issues.apache.org/jira/browse/SLING-8405 > Project: Sling > Issue Type: Improvement > Components: Commons >Reporter: Antonio Sanso >Priority: Minor > > It would be good to improve the encoding in the Logger WebConsolePlugin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8405) Improve Encoding in the Log WebConsolePlugin
Antonio Sanso created SLING-8405: Summary: Improve Encoding in the Log WebConsolePlugin Key: SLING-8405 URL: https://issues.apache.org/jira/browse/SLING-8405 Project: Sling Issue Type: Improvement Components: Commons Reporter: Antonio Sanso It would be good to improve the encoding in the Log WebConsolePlugin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-8405) Improve Encoding in the Logger WebConsolePlugin
[ https://issues.apache.org/jira/browse/SLING-8405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-8405: - Description: It would be good to improve the encoding in the Logger WebConsolePlugin (was: It would be good to improve the encoding in the Log WebConsolePlugin ) Summary: Improve Encoding in the Logger WebConsolePlugin (was: Improve Encoding in the Log WebConsolePlugin ) > Improve Encoding in the Logger WebConsolePlugin > > > Key: SLING-8405 > URL: https://issues.apache.org/jira/browse/SLING-8405 > Project: Sling > Issue Type: Improvement > Components: Commons >Reporter: Antonio Sanso >Priority: Minor > > It would be good to improve the encoding in the Logger WebConsolePlugin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8389) Improve Encoding in the Servlet WebConsolePlugin
[ https://issues.apache.org/jira/browse/SLING-8389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-8389. -- Resolution: Invalid > Improve Encoding in the Servlet WebConsolePlugin > - > > Key: SLING-8389 > URL: https://issues.apache.org/jira/browse/SLING-8389 > Project: Sling > Issue Type: Improvement > Components: Servlets >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Major > Fix For: Servlets Resolver 2.5.6 > > > It would be good to improve the Encoding in the Servlet WebConsolePlugin > [0] > https://github.com/apache/sling-org-apache-sling-servlets-resolver/blob/master/src/main/java/org/apache/sling/servlets/resolver/internal/console/WebConsolePlugin.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-8389) Improve Encoding in the Servlet WebConsolePlugin
[ https://issues.apache.org/jira/browse/SLING-8389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-8389: - Fix Version/s: Servlets Resolver 2.5.6 > Improve Encoding in the Servlet WebConsolePlugin > - > > Key: SLING-8389 > URL: https://issues.apache.org/jira/browse/SLING-8389 > Project: Sling > Issue Type: Improvement > Components: Servlets >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Major > Fix For: Servlets Resolver 2.5.6 > > > It would be good to improve the Encoding in the Servlet WebConsolePlugin > [0] > https://github.com/apache/sling-org-apache-sling-servlets-resolver/blob/master/src/main/java/org/apache/sling/servlets/resolver/internal/console/WebConsolePlugin.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (SLING-8389) Improve Encoding in the Servlet WebConsolePlugin
[ https://issues.apache.org/jira/browse/SLING-8389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-8389: Assignee: Antonio Sanso > Improve Encoding in the Servlet WebConsolePlugin > - > > Key: SLING-8389 > URL: https://issues.apache.org/jira/browse/SLING-8389 > Project: Sling > Issue Type: Improvement > Components: Servlets >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Major > > It would be good to improve the Encoding in the Servlet WebConsolePlugin > [0] > https://github.com/apache/sling-org-apache-sling-servlets-resolver/blob/master/src/main/java/org/apache/sling/servlets/resolver/internal/console/WebConsolePlugin.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8403) Update composum.version to a newer version
[ https://issues.apache.org/jira/browse/SLING-8403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-8403. -- Resolution: Fixed Fix Version/s: Starter 12 Fixed in 2bc8c53fb5f3f20da1437d56013de4d25bbccd96 > Update composum.version to a newer version > -- > > Key: SLING-8403 > URL: https://issues.apache.org/jira/browse/SLING-8403 > Project: Sling > Issue Type: Task > Components: Starter >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Starter 12 > > > Composum 1.9.4 was released. It would be good to Update composum.version to > this newer version -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8403) Update composum.version to a newer version
Antonio Sanso created SLING-8403: Summary: Update composum.version to a newer version Key: SLING-8403 URL: https://issues.apache.org/jira/browse/SLING-8403 Project: Sling Issue Type: Task Components: Starter Reporter: Antonio Sanso Assignee: Antonio Sanso Composum 1.9.4 was released. It would be good to Update composum.version to this newer version -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8389) Improve Encoding in the Servlet WebConsolePlugin
Antonio Sanso created SLING-8389: Summary: Improve Encoding in the Servlet WebConsolePlugin Key: SLING-8389 URL: https://issues.apache.org/jira/browse/SLING-8389 Project: Sling Issue Type: Improvement Components: Servlets Reporter: Antonio Sanso It would be good to improve the Encoding in the Servlet WebConsolePlugin [0] https://github.com/apache/sling-org-apache-sling-servlets-resolver/blob/master/src/main/java/org/apache/sling/servlets/resolver/internal/console/WebConsolePlugin.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-8276) Improve the HtmlResponse template
[ https://issues.apache.org/jira/browse/SLING-8276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-8276. -- Resolution: Won't Fix > Improve the HtmlResponse template > - > > Key: SLING-8276 > URL: https://issues.apache.org/jira/browse/SLING-8276 > Project: Sling > Issue Type: Improvement > Components: Servlets >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > > it would be good to improve the HtmlResponse template -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (SLING-6011) Register request listener through http whiteboard
[ https://issues.apache.org/jira/browse/SLING-6011?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-6011: Assignee: Carsten Ziegeler (was: Antonio Sanso) > Register request listener through http whiteboard > - > > Key: SLING-6011 > URL: https://issues.apache.org/jira/browse/SLING-6011 > Project: Sling > Issue Type: Improvement > Components: Authentication >Reporter: Carsten Ziegeler >Assignee: Carsten Ziegeler >Priority: Major > Fix For: Auth Core 1.3.18 > > > The request listener is currently registered through the Apache Felix > whiteboard, we should use the official http whiteboard registration instead -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (SLING-6011) Register request listener through http whiteboard
[ https://issues.apache.org/jira/browse/SLING-6011?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-6011: Assignee: Antonio Sanso (was: Carsten Ziegeler) > Register request listener through http whiteboard > - > > Key: SLING-6011 > URL: https://issues.apache.org/jira/browse/SLING-6011 > Project: Sling > Issue Type: Improvement > Components: Authentication >Reporter: Carsten Ziegeler >Assignee: Antonio Sanso >Priority: Major > Fix For: Auth Core 1.3.18 > > > The request listener is currently registered through the Apache Felix > whiteboard, we should use the official http whiteboard registration instead -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-8276) Improve the HtmlResponse template
Antonio Sanso created SLING-8276: Summary: Improve the HtmlResponse template Key: SLING-8276 URL: https://issues.apache.org/jira/browse/SLING-8276 Project: Sling Issue Type: Improvement Components: Servlets Reporter: Antonio Sanso Assignee: Antonio Sanso it would be good to improve the HtmlResponse template -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-7436) Wrong content/type in the Default JSON Renderer
[ https://issues.apache.org/jira/browse/SLING-7436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16681033#comment-16681033 ] Antonio Sanso commented on SLING-7436: -- [~cziegeler] AFAIR the problem is not the content type but the fact the file is automatically downloaded. In 2. is there a content disposition being set? > Wrong content/type in the Default JSON Renderer > > > Key: SLING-7436 > URL: https://issues.apache.org/jira/browse/SLING-7436 > Project: Sling > Issue Type: Bug > Components: Servlets >Reporter: Antonio Sanso >Priority: Major > > Steps to reproduce: > 1. Render a page (Renderer enabled) with JSON renderer. E.g: > [http://localhost.com/dir/page(selector] value).json > 2. Now, extend the url with a slash / and a name with any other extensions > e.g > [http://localhost.com/dir/page.(value).json/file.html].] > 3. Observe file.html was automatically downloaded > Credit: this issue was found by Md. Sabuktagin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7933) Evaluate Referrer Filter also for anonymous users
[ https://issues.apache.org/jira/browse/SLING-7933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-7933. > Evaluate Referrer Filter also for anonymous users > - > > Key: SLING-7933 > URL: https://issues.apache.org/jira/browse/SLING-7933 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Major > Fix For: Security 1.1.16 > > > The Referrer Filter is not evaluated for anonymous users. > This is a mix of a by design/regression. > Earlier the Filter was executing before authentication. This is no longer > the case, hence we need a fix for it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-7933) Evaluate Referrer Filter also for anonymous users
[ https://issues.apache.org/jira/browse/SLING-7933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16618772#comment-16618772 ] Antonio Sanso commented on SLING-7933: -- fixed in 0d85834b841fa3485679f3c03583cabac8346f9d > Evaluate Referrer Filter also for anonymous users > - > > Key: SLING-7933 > URL: https://issues.apache.org/jira/browse/SLING-7933 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Major > Fix For: Security 1.1.14 > > > The Referrer Filter is not evaluated for anonymous users. > This is a mix of a by design/regression. > Earlier the Filter was executing before authentication. This is no longer > the case, hence we need a fix for it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-7933) Evaluate Referrer Filter also for anonymous users
[ https://issues.apache.org/jira/browse/SLING-7933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-7933. -- Resolution: Fixed Fix Version/s: Security 1.1.14 > Evaluate Referrer Filter also for anonymous users > - > > Key: SLING-7933 > URL: https://issues.apache.org/jira/browse/SLING-7933 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Major > Fix For: Security 1.1.14 > > > The Referrer Filter is not evaluated for anonymous users. > This is a mix of a by design/regression. > Earlier the Filter was executing before authentication. This is no longer > the case, hence we need a fix for it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-7933) Evaluate Referrer Filter also for anonymous users
[ https://issues.apache.org/jira/browse/SLING-7933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16617638#comment-16617638 ] Antonio Sanso commented on SLING-7933: -- [~cziegeler] suggested a really simple fix. It is indeed enough to rely on https://osgi.org/javadoc/osgi.cmpn/7.0.0/org/osgi/service/http/whiteboard/Preprocessor.html > Evaluate Referrer Filter also for anonymous users > - > > Key: SLING-7933 > URL: https://issues.apache.org/jira/browse/SLING-7933 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Major > > The Referrer Filter is not evaluated for anonymous users. > This is a mix of a by design/regression. > Earlier the Filter was executing before authentication. This is no longer > the case, hence we need a fix for it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-7933) Evaluate Referrer Filter also for anonymous users
Antonio Sanso created SLING-7933: Summary: Evaluate Referrer Filter also for anonymous users Key: SLING-7933 URL: https://issues.apache.org/jira/browse/SLING-7933 Project: Sling Issue Type: Bug Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso The Referrer Filter is not evaluated for anonymous users. This is a mix of a by design/regression. Earlier the Filter was executing before authentication. This is no longer the case, hence we need a fix for it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-7857) Unclosed ResourceResolver in org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2
[ https://issues.apache.org/jira/browse/SLING-7857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso resolved SLING-7857.
---------------------------------
    Resolution: Duplicate

> Unclosed ResourceResolver in org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2
> ---------------------------------
>
>                 Key: SLING-7857
>                 URL: https://issues.apache.org/jira/browse/SLING-7857
>             Project: Sling
>          Issue Type: Bug
>          Components: Extensions
>            Reporter: Andrew Khoury
>            Assignee: Antonio Sanso
>            Priority: Minor
>
> This issue is still observed with org.apache.sling.auth.core v 1.4.0 which SLING-6011 specifies the issue was resolved in version 1.3.18.
> The SlingWebConsoleSecurityProvider is handling the authentication, but it is not registering a servlet request listener to close the session at the end of the request.
> {noformat}
> 15.09.2017 18:07:59.044 *INFO* [Apache Sling Resource Resolver Finalizer Thread] org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl Unclosed ResourceResolver was created here:
> java.lang.Exception: Opening Stacktrace
> at org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl$ResolverReference.<init>(CommonResourceResolverFactoryImpl.java:521)
> at org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.register(CommonResourceResolverFactoryImpl.java:218)
> at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.<init>(ResourceResolverImpl.java:101)
> at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.<init>(ResourceResolverImpl.java:94)
> at org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolverInternal(CommonResourceResolverFactoryImpl.java:263)
> at org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolver(CommonResourceResolverFactoryImpl.java:173)
> at org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolver(ResourceResolverFactoryImpl.java:105)
> at org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:791)
> at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:506)
> at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460)
> at org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:69)
> at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)
> at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:421)
> at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:57)
> at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:128)
> at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
> at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
> at org.eclipse.jetty.server.Server.handle(Server.java:499)
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
> at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
> We should add this.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-7552) SlingPostServlet error handling still insufficient
[ https://issues.apache.org/jira/browse/SLING-7552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16488820#comment-16488820 ]

Antonio Sanso commented on SLING-7552:
--------------------------------------

[~joerghoh] maybe a less invasive solution would be to change the default for {{PostResponseWithErrorHandling}} to {{true}} see [0]

[0] https://github.com/apache/sling-org-apache-sling-servlets-post/blob/master/src/main/java/org/apache/sling/servlets/post/impl/PostResponseWithErrorHandling.java#L59

> SlingPostServlet error handling still insufficient
> --------------------------------------------------
>
>                 Key: SLING-7552
>                 URL: https://issues.apache.org/jira/browse/SLING-7552
>             Project: Sling
>          Issue Type: Improvement
>          Components: Servlets
>    Affects Versions: Servlets Post 2.3.24
>            Reporter: Jörg Hoh
>            Priority: Major
>              Labels: patch
>         Attachments: SLING-7552-patch.diff
>
> At the moment the default error handling of Sling [1] cannot be used for errors caused and handled by the SlingPostServlet itself. It will always return its own custom output without the chance of customizing it. Although Antonio and Justin worked in SLING-2156 to improve this situation, it still requires extra work (implementing a PostResponseWithErrorHandling). It would be better if the output could be customized by the "standard error handling".
>
> How to reproduce:
> * create an error handling script in /apps/sling/servlet/errorhandler/default.jsp which creates some random output.
> * Validate this script config by doing a request which causes some exception (do not use the SlingPostServlet here)
> * Do a POST to the Sling instance which results in an exception (e.g. due to insufficient permissions).
> * The output of the second call is completely determined by the SlingPostServlet, the default error handling does not kick in.
>
> Proposed solution:
> * The SlingPostServlet should not swallow the exception and handle it by itself, but rather re-throw it, so the standard error handling is triggered.
>
> [1] http://sling.apache.org/documentation/the-sling-engine/errorhandling.html

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (SLING-7552) SlingPostServlet error handling still insufficient
[ https://issues.apache.org/jira/browse/SLING-7552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16488820#comment-16488820 ]

Antonio Sanso edited comment on SLING-7552 at 5/24/18 11:30 AM:
----------------------------------------------------------------

[~joerghoh] maybe a less invasive solution would be to change the default for {{PostResponseWithErrorHandling}} to {{true}} see [0]

[0] https://github.com/apache/sling-org-apache-sling-servlets-post/blob/master/src/main/java/org/apache/sling/servlets/post/impl/PostResponseWithErrorHandling.java#L59

was (Author: asanso):
[~joerghoh] maybe a less invasive solution would be to change the default for {{PostResponseWithErrorHandling}} to {{true}} see [0]

[0] https://github.com/apache/sling-org-apache-sling-servlets-post/blob/master/src/main/java/org/apache/sling/servlets/post/impl/PostResponseWithErrorHandling.java#L59

> SlingPostServlet error handling still insufficient
> --------------------------------------------------
>
>                 Key: SLING-7552
>                 URL: https://issues.apache.org/jira/browse/SLING-7552
>             Project: Sling
>          Issue Type: Improvement
>          Components: Servlets
>    Affects Versions: Servlets Post 2.3.24
>            Reporter: Jörg Hoh
>            Priority: Major
>              Labels: patch
>         Attachments: SLING-7552-patch.diff
>
> At the moment the default error handling of Sling [1] cannot be used for errors caused and handled by the SlingPostServlet itself. It will always return its own custom output without the chance of customizing it. Although Antonio and Justin worked in SLING-2156 to improve this situation, it still requires extra work (implementing a PostResponseWithErrorHandling). It would be better if the output could be customized by the "standard error handling".
>
> How to reproduce:
> * create an error handling script in /apps/sling/servlet/errorhandler/default.jsp which creates some random output.
> * Validate this script config by doing a request which causes some exception (do not use the SlingPostServlet here)
> * Do a POST to the Sling instance which results in an exception (e.g. due to insufficient permissions).
> * The output of the second call is completely determined by the SlingPostServlet, the default error handling does not kick in.
>
> Proposed solution:
> * The SlingPostServlet should not swallow the exception and handle it by itself, but rather re-throw it, so the standard error handling is triggered.
>
> [1] http://sling.apache.org/documentation/the-sling-engine/errorhandling.html

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7631) Wrong log debug statement in ResourceResolverImpl
[ https://issues.apache.org/jira/browse/SLING-7631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-7631: - Fix Version/s: (was: Resource Resolver 1.6.0) Resource Resolver 1.6.2 > Wrong log debug statement in ResourceResolverImpl > - > > Key: SLING-7631 > URL: https://issues.apache.org/jira/browse/SLING-7631 > Project: Sling > Issue Type: Bug > Components: ResourceResolver >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Resource Resolver 1.6.2 > > > There is a wrong log debug statement in {{ResourceResolverImpl#map}} in [0] > {code:java} > logger.debug("resolve: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > it should be > {code:java} > logger.debug("map: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > [0] > https://github.com/apache/sling-org-apache-sling-resourceresolver/blob/master/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java#L568 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-7631) Wrong log debug statement in ResourceResolverImpl
[ https://issues.apache.org/jira/browse/SLING-7631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-7631. -- Resolution: Fixed Fix Version/s: Resource Resolver 1.6.0 > Wrong log debug statement in ResourceResolverImpl > - > > Key: SLING-7631 > URL: https://issues.apache.org/jira/browse/SLING-7631 > Project: Sling > Issue Type: Bug > Components: ResourceResolver >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Resource Resolver 1.6.0 > > > There is a wrong log debug statement in {{ResourceResolverImpl#map}} in [0] > {code:java} > logger.debug("resolve: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > it should be > {code:java} > logger.debug("map: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > [0] > https://github.com/apache/sling-org-apache-sling-resourceresolver/blob/master/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java#L568 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-7631) Wrong log debug statement in ResourceResolverImpl
[ https://issues.apache.org/jira/browse/SLING-7631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16460578#comment-16460578 ] Antonio Sanso commented on SLING-7631: -- fixed in rev. 31d72ce..2a87d59 > Wrong log debug statement in ResourceResolverImpl > - > > Key: SLING-7631 > URL: https://issues.apache.org/jira/browse/SLING-7631 > Project: Sling > Issue Type: Bug > Components: ResourceResolver >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > > There is a wrong log debug statement in {{ResourceResolverImpl#map}} in [0] > {code:java} > logger.debug("resolve: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > it should be > {code:java} > logger.debug("map: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > [0] > https://github.com/apache/sling-org-apache-sling-resourceresolver/blob/master/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java#L568 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7631) Wrong log debug statement in ResourceResolverImpl
[ https://issues.apache.org/jira/browse/SLING-7631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-7631: - Component/s: ResourceResolver > Wrong log debug statement in ResourceResolverImpl > - > > Key: SLING-7631 > URL: https://issues.apache.org/jira/browse/SLING-7631 > Project: Sling > Issue Type: Bug > Components: ResourceResolver >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > > There is a wrong log debug statement in {{ResourceResolverImpl#map}} in [0] > {code:java} > logger.debug("resolve: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > it should be > {code:java} > logger.debug("map: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > [0] > https://github.com/apache/sling-org-apache-sling-resourceresolver/blob/master/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java#L568 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (SLING-7631) Wrong log debug statement in ResourceResolverImpl
[ https://issues.apache.org/jira/browse/SLING-7631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-7631: Assignee: Antonio Sanso > Wrong log debug statement in ResourceResolverImpl > - > > Key: SLING-7631 > URL: https://issues.apache.org/jira/browse/SLING-7631 > Project: Sling > Issue Type: Bug >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > > There is a wrong log debug statement in {{ResourceResolverImpl#map}} in [0] > {code:java} > logger.debug("resolve: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > it should be > {code:java} > logger.debug("map: MapEntry {} matches, mapped path is {}", mapEntry, > mappedPath);{code} > [0] > https://github.com/apache/sling-org-apache-sling-resourceresolver/blob/master/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java#L568 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-7631) Wrong log debug statement in ResourceResolverImpl
Antonio Sanso created SLING-7631: Summary: Wrong log debug statement in ResourceResolverImpl Key: SLING-7631 URL: https://issues.apache.org/jira/browse/SLING-7631 Project: Sling Issue Type: Bug Reporter: Antonio Sanso There is a wrong log debug statement in {{ResourceResolverImpl#map}} in [0] {code:java} logger.debug("resolve: MapEntry {} matches, mapped path is {}", mapEntry, mappedPath);{code} it should be {code:java} logger.debug("map: MapEntry {} matches, mapped path is {}", mapEntry, mappedPath);{code} [0] https://github.com/apache/sling-org-apache-sling-resourceresolver/blob/master/src/main/java/org/apache/sling/resourceresolver/impl/ResourceResolverImpl.java#L568 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (SLING-7525) Content-Type missing after applying the ContentDispositionFilter twice
[ https://issues.apache.org/jira/browse/SLING-7525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-7525. > Content-Type missing after applying the ContentDispositionFilter twice > -- > > Key: SLING-7525 > URL: https://issues.apache.org/jira/browse/SLING-7525 > Project: Sling > Issue Type: Bug >Affects Versions: Security 1.1.8, Security 1.1.10 >Reporter: Orlowska >Assignee: Antonio Sanso >Priority: Major > Fix For: Security 1.1.12 > > > The issue started with the SLING-7219. > When the {{ContentDispositionFilter}} is called twice (as a request filter > and as a forward filter) on a single request then the {{Content-Type}} is not > propagated and missing in the Response. > > On the second pass in the {{setContentType()}} the condition [1] > {code:java} > if (previousContentType != null && previousContentType.equals(type)){code} > will be fulfilled so the [2] > {code:java} > super.setContentType(type);{code} > will not be called. > > [1] > [https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L208] > [2] > [https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L253] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SLING-7525) Content-Type missing after applying the ContentDispositionFilter twice
[ https://issues.apache.org/jira/browse/SLING-7525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-7525. -- Resolution: Fixed Fix Version/s: Security 1.1.12 fixed in 2cd13b2..8e37dda > Content-Type missing after applying the ContentDispositionFilter twice > -- > > Key: SLING-7525 > URL: https://issues.apache.org/jira/browse/SLING-7525 > Project: Sling > Issue Type: Bug >Affects Versions: Security 1.1.8, Security 1.1.10 >Reporter: Orlowska >Assignee: Antonio Sanso >Priority: Major > Fix For: Security 1.1.12 > > > The issue started with the SLING-7219. > When the {{ContentDispositionFilter}} is called twice (as a request filter > and as a forward filter) on a single request then the {{Content-Type}} is not > propagated and missing in the Response. > > On the second pass in the {{setContentType()}} the condition [1] > {code:java} > if (previousContentType != null && previousContentType.equals(type)){code} > will be fulfilled so the [2] > {code:java} > super.setContentType(type);{code} > will not be called. > > [1] > [https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L208] > [2] > [https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L253] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-7525) Content-Type missing after applying the ContentDispositionFilter twice
[ https://issues.apache.org/jira/browse/SLING-7525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16396924#comment-16396924 ] Antonio Sanso commented on SLING-7525: -- I can reproduce. Thanks a lot [~orlowska] > Content-Type missing after applying the ContentDispositionFilter twice > -- > > Key: SLING-7525 > URL: https://issues.apache.org/jira/browse/SLING-7525 > Project: Sling > Issue Type: Bug >Affects Versions: Security 1.1.8, Security 1.1.10 >Reporter: Orlowska >Assignee: Antonio Sanso >Priority: Major > > The issue started with the SLING-7219. > When the {{ContentDispositionFilter}} is called twice (as a request filter > and as a forward filter) on a single request then the {{Content-Type}} is not > propagated and missing in the Response. > > On the second pass in the {{setContentType()}} the condition [1] > {code:java} > if (previousContentType != null && previousContentType.equals(type)){code} > will be fulfilled so the [2] > {code:java} > super.setContentType(type);{code} > will not be called. > > [1] > [https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L208] > [2] > [https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L253] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (SLING-2759) Provide an OpenId Connect Authentication Handler
[ https://issues.apache.org/jira/browse/SLING-2759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-2759: Assignee: (was: Antonio Sanso) > Provide an OpenId Connect Authentication Handler > > > Key: SLING-2759 > URL: https://issues.apache.org/jira/browse/SLING-2759 > Project: Sling > Issue Type: Wish > Components: Authentication >Reporter: Antonio Sanso >Priority: Major > Labels: gsoc2018 > > It would be nice to provide an OpenId Connect [0] Authentication Handler. > Ideally this would leverage Apache Oltu OpenId Connect support [1] and > pluggable login module [2] > [0] http://openid.net/connect/ > [1] https://issues.apache.org/jira/browse/AMBER-24 > [2] https://issues.apache.org/jira/browse/SLING-2623 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-2759) Provide an OpenId Connect Authentication Handler
[ https://issues.apache.org/jira/browse/SLING-2759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16391416#comment-16391416 ] Antonio Sanso commented on SLING-2759: -- [~rombert] nop. Go for it :) > Provide an OpenId Connect Authentication Handler > > > Key: SLING-2759 > URL: https://issues.apache.org/jira/browse/SLING-2759 > Project: Sling > Issue Type: Wish > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Major > Labels: gsoc2018 > > It would be nice to provide an OpenId Connect [0] Authentication Handler. > Ideally this would leverage Apache Oltu OpenId Connect support [1] and > pluggable login module [2] > [0] http://openid.net/connect/ > [1] https://issues.apache.org/jira/browse/AMBER-24 > [2] https://issues.apache.org/jira/browse/SLING-2623 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (SLING-7525) Content-Type missing after applying the ContentDispositionFilter twice
[ https://issues.apache.org/jira/browse/SLING-7525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-7525: Assignee: Antonio Sanso > Content-Type missing after applying the ContentDispositionFilter twice > -- > > Key: SLING-7525 > URL: https://issues.apache.org/jira/browse/SLING-7525 > Project: Sling > Issue Type: Bug >Affects Versions: Security 1.1.8, Security 1.1.10 >Reporter: Orlowska >Assignee: Antonio Sanso >Priority: Major > > The issue started with the SLING-7219. > When the {{ContentDispositionFilter}} is called twice (as a request filter > and as a forward filter) on a single request then the {{Content-Type}} is not > propagated and missing in the Response. > > On the second pass in the {{setContentType()}} the condition [1] > {code:java} > if (previousContentType != null && previousContentType.equals(type)){code} > will be fulfilled so the [2] > {code:java} > super.setContentType(type);{code} > will not be called. > > [1] > [https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L208] > [2] > [https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L253] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
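The double-pass failure described in the issue above, as an added Java model that is not the project's code: two wrappers share one "previous content type" marker, so the second wrapper to see the call returns early and the container never receives the Content-Type. The class names, the attribute name, the shared map standing in for request attributes, the Content-Disposition counter and the `alwaysPropagate` correction are assumptions for illustration; the fix referenced in the issue may differ.

```java
import java.util.HashMap;
import java.util.Map;

public class DoubleFilterContentTypeDemo {

    // Hypothetical attribute name; stands in for state shared by both filter passes.
    static final String PREVIOUS_TYPE = "demo.previousContentType";

    /** Stand-in for the container's response at the bottom of the wrapper chain. */
    static class Response {
        private String contentType;
        private int dispositionHeaders;

        void setContentType(String type) { contentType = type; }
        void addContentDisposition() { dispositionHeaders++; }
        String getContentType() { return contentType; }
        int getDispositionHeaders() { return dispositionHeaders; }
    }

    /** Wrapper that one filter pass puts around the response it receives. */
    static class FilterWrapper extends Response {
        private final Response wrapped;
        private final Map<String, Object> requestAttributes;
        private final boolean alwaysPropagate;

        FilterWrapper(Response wrapped, Map<String, Object> requestAttributes, boolean alwaysPropagate) {
            this.wrapped = wrapped;
            this.requestAttributes = requestAttributes;
            this.alwaysPropagate = alwaysPropagate;
        }

        @Override
        void setContentType(String type) {
            String previousContentType = (String) requestAttributes.get(PREVIOUS_TYPE);
            boolean alreadySeen = previousContentType != null && previousContentType.equals(type);
            if (alreadySeen && !alwaysPropagate) {
                return; // condition [1] from the issue: the call at [2] is skipped
            }
            if (!alreadySeen) {
                requestAttributes.put(PREVIOUS_TYPE, type);
                wrapped.addContentDisposition(); // the wrapper's own header work, done once
            }
            wrapped.setContentType(type); // plays the role of super.setContentType(type) at [2]
        }

        @Override
        void addContentDisposition() { wrapped.addContentDisposition(); }
    }

    /** Runs one request through a request-scope pass and a forward-scope pass. */
    static Response handle(boolean alwaysPropagate) {
        Map<String, Object> requestAttributes = new HashMap<>();
        Response container = new Response();
        Response requestPass = new FilterWrapper(container, requestAttributes, alwaysPropagate);
        Response forwardPass = new FilterWrapper(requestPass, requestAttributes, alwaysPropagate);
        forwardPass.setContentType("text/html"); // constructed sample value set by the servlet
        return container;
    }

    public static void main(String[] args) {
        Response asReported = handle(false);
        Response corrected = handle(true);
        System.out.println("as reported: Content-Type=" + asReported.getContentType()
                + ", Content-Disposition headers=" + asReported.getDispositionHeaders());
        System.out.println("corrected:   Content-Type=" + corrected.getContentType()
                + ", Content-Disposition headers=" + corrected.getDispositionHeaders());
    }
}
```

In the corrected variant the guard only suppresses the wrapper's own repeated header work; the content type is always passed down the chain.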
[jira] [Updated] (SLING-7436) Wrong content/type in the Default JSON Renderer
[ https://issues.apache.org/jira/browse/SLING-7436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-7436: - Description: Steps to reproduce: 1.Render a page (Renderer enabled) with JSON renderer. E.g: [http://localhost.com/dir/page(selector] value).json 2. Now, extend the url with a slash / and a name with any other extensions e.g [http://localhost.com/dir/page.(value).json/file.html].] 3. Observe file.html was automatically downloaded Credit: this issue was found by Md. Sabuktagin was: Steps to reproduce: 1.Render a page (Renderer enabled) with JSON renderer. E.g: http://localhost.com/dir/page(selector value).json 2. Now, extend the url with a slash(/) and a name with any other extensions e.g [http://localhost.com/dir/page.(value).json/file.html].] 3. Observe file.html was automatically downloaded > Wrong content/type in the Default JSON Renderer > > > Key: SLING-7436 > URL: https://issues.apache.org/jira/browse/SLING-7436 > Project: Sling > Issue Type: Bug > Components: Servlets >Reporter: Antonio Sanso >Priority: Major > > Steps to reproduce: > 1.Render a page (Renderer enabled) with JSON renderer. E.g: > [http://localhost.com/dir/page(selector] value).json > 2. Now, extend the url with a slash / and a name with any other extensions > e.g > [http://localhost.com/dir/page.(value).json/file.html].] > > 3. Observe file.html was automatically downloaded > > Credit: this issue was found by Md. Sabuktagin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7436) Wrong content/type in the Default JSON Renderer
[ https://issues.apache.org/jira/browse/SLING-7436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-7436: - Description: Steps to reproduce: 1.Render a page (Renderer enabled) with JSON renderer. E.g: [http://localhost.com/dir/page(selector] value).json 2. Now, extend the url with a slash / and a name with any other extensions e.g [http://localhost.com/dir/page.(value).json/file.html].] 3. Observe file.html was automatically downloaded Credit: this issue was found by Md. Sabuktagin was: Steps to reproduce: 1.Render a page (Renderer enabled) with JSON renderer. E.g: [http://localhost.com/dir/page(selector] value).json 2. Now, extend the url with a slash / and a name with any other extensions e.g [http://localhost.com/dir/page.(value).json/file.html].] 3. Observe file.html was automatically downloaded Credit: this issue was found by Md. Sabuktagin > Wrong content/type in the Default JSON Renderer > > > Key: SLING-7436 > URL: https://issues.apache.org/jira/browse/SLING-7436 > Project: Sling > Issue Type: Bug > Components: Servlets >Reporter: Antonio Sanso >Priority: Major > > Steps to reproduce: > 1.Render a page (Renderer enabled) with JSON renderer. E.g: > [http://localhost.com/dir/page(selector] value).json > 2. Now, extend the url with a slash / and a name with any other extensions > e.g > [http://localhost.com/dir/page.(value).json/file.html].] > 3. Observe file.html was automatically downloaded > Credit: this issue was found by Md. Sabuktagin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-7436) Wrong content/type in the Default JSON Renderer
Antonio Sanso created SLING-7436: Summary: Wrong content/type in the Default JSON Renderer Key: SLING-7436 URL: https://issues.apache.org/jira/browse/SLING-7436 Project: Sling Issue Type: Bug Components: Servlets Reporter: Antonio Sanso Steps to reproduce: 1.Render a page (Renderer enabled) with JSON renderer. E.g: http://localhost.com/dir/page(selector value).json 2. Now, extend the url with a slash(/) and a name with any other extensions e.g [http://localhost.com/dir/page.(value).json/file.html].] 3. Observe file.html was automatically downloaded -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-7157) metatype.properties file must not be in OSGI-INF/metatype
[ https://issues.apache.org/jira/browse/SLING-7157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso updated SLING-7157:
---------------------------------
    Fix Version/s:     (was: Auth Core 1.4.2)
                   Auth Core 1.4.4

> metatype.properties file must not be in OSGI-INF/metatype
> ---------------------------------------------------------
>
>                 Key: SLING-7157
>                 URL: https://issues.apache.org/jira/browse/SLING-7157
>             Project: Sling
>          Issue Type: Bug
>    Affects Versions: JCR Web Console 1.0.2, JCR Registration 1.0.2, JCR ClassLoader 3.2.2, Form Based Authentication 1.0.8, Settings 1.3.8, Commons Threads 3.2.6, Auth Core 1.4.0, SLF4J MDC Filter 1.0.0, Authentication XING OAuth 0.0.2, Authentication XING Login 0.0.2, URL Rewriter 0.0.2, DataSource Provider 1.0.4, NoSQL MongoDB Resource Provider 1.1.0, Commons Log 5.0.2, Discovery Impl 1.2.12, Discovery Oak 1.2.18, JCR Davex 1.3.8, JCR Webdav 2.3.8, JCR Installer 3.1.26
>            Reporter: Carsten Ziegeler
>            Priority: Blocker
>             Fix For: JCR Web Console 1.0.4, JCR ClassLoader 3.2.4, Form Based Authentication 1.0.10, Settings 1.3.10, Auth Core 1.4.4, Mongo Resource Provider 1.0.0, Authentication XING OAuth 0.0.4, Authentication XING Login 0.0.4, DataSource Provider 1.0.4, URL Rewriter 0.0.4, Commons Log 5.1.0, Commons Threads 3.2.10, SLF4J MDC Filter 1.0.2, JCR Webdav 2.3.10, JCR Installer 3.1.28, Discovery Impl 1.2.14, Discovery Oak 1.2.24, JCR Davex 1.3.12
>
> According to the spec the metatype.properties file must not be inside the OSGI-INF/metatype directory. This is against the spec, so we should move it to OSGI-INF/l10n
> We probably should also upgrade the maven-scr-plugin for this 1.25.0
> I found the following files:
> ./bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/auth/form/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/commons/log/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/commons/threads/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/extensions/discovery/oak/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/extensions/settings/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/jcr/classloader/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/jcr/davex/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/jcr/registration/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/jcr/webconsole/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./bundles/jcr/webdav/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./contrib/auth/org.apache.sling.auth.xing.login/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./contrib/auth/org.apache.sling.auth.xing.oauth/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./contrib/extensions/datasource/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./contrib/extensions/mongodb/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./contrib/extensions/slf4j-mdc/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./contrib/extensions/startup-filter/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./contrib/extensions/urlrewriter/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./installer/providers/jcr/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./samples/path-based-rtp/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./samples/workspacepicker/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./testing/junit/core/src/main/resources/OSGI-INF/metatype/metatype.properties
> ./testing/junit/healthcheck/src/main/resources/OSGI-INF/metatype/metatype.properties

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-7243) Improve validation in AuthUtil.isRedirectValid
[ https://issues.apache.org/jira/browse/SLING-7243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-7243. > Improve validation in AuthUtil.isRedirectValid > -- > > Key: SLING-7243 > URL: https://issues.apache.org/jira/browse/SLING-7243 > Project: Sling > Issue Type: Bug > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Auth Core 1.4.2 > > > The validation in {{AuthUtil.isRedirectValid}} might be improved. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (SLING-7243) Improve validation in AuthUtil.isRedirectValid
[ https://issues.apache.org/jira/browse/SLING-7243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-7243. -- Resolution: Fixed Fix Version/s: Auth Core 1.4.2 > Improve validation in AuthUtil.isRedirectValid > -- > > Key: SLING-7243 > URL: https://issues.apache.org/jira/browse/SLING-7243 > Project: Sling > Issue Type: Bug > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Auth Core 1.4.2 > > > The validation in {{AuthUtil.isRedirectValid}} might be improved. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-7243) Improve validation in AuthUtil.isRedirectValid
[ https://issues.apache.org/jira/browse/SLING-7243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292129#comment-16292129 ] Antonio Sanso commented on SLING-7243: -- fixed in 015fe58b22e0625e9d88b687de50303db539482b > Improve validation in AuthUtil.isRedirectValid > -- > > Key: SLING-7243 > URL: https://issues.apache.org/jira/browse/SLING-7243 > Project: Sling > Issue Type: Bug > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > > The validation in {{AuthUtil.isRedirectValid}} might be improved. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-7255) Donating Sling Resource Encryption Utils
[ https://issues.apache.org/jira/browse/SLING-7255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16259339#comment-16259339 ]

Antonio Sanso commented on SLING-7255:
--------------------------------------

[~jebailey] thanks for your donation. Without going too deep into the API layer (other people might comment on it), IMHO it would be best to use some way of authenticated encryption rather than AES/CBC. As a rule of thumb you never (only) encrypt. You'd better add some integrity check mechanism (e.g. AES GCM or encrypt-then-mac)

> Donating Sling Resource Encryption Utils
> ----------------------------------------
>
>                 Key: SLING-7255
>                 URL: https://issues.apache.org/jira/browse/SLING-7255
>             Project: Sling
>          Issue Type: Task
>            Reporter: Jason E Bailey
>         Attachments: sling-encrypt-0.0.1-beta.zip
>
> Issue to track donation of Sling resource encryption
> Codebase
> https://github.com/JEBailey/sling-encrypt
> source code is attached with sha1 checksum of 717e84c0ec45191d14d93cebbe8795961b393610

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
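The recommendation in the comment above, shown as an added Java example that is not part of the thread and not taken from the donated sling-encrypt code: a stored AES/CBC value with one modified bit still decrypts without error, while AES-GCM rejects both a modified value and a value presented under a different property path. The class name, the sample value and the use of a property path as associated data are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

public class AuthenticatedEncryptionDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int CBC_IV_LEN = 16;    // AES block size in bytes
    private static final int GCM_NONCE_LEN = 12; // 96-bit nonce
    private static final int GCM_TAG_BITS = 128; // full-length authentication tag

    /** AES/CBC with no integrity check; returns iv || ciphertext. Shown as the "before". */
    static byte[] encryptCbc(SecretKey key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[CBC_IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return concat(iv, c.doFinal(plain));
    }

    static byte[] decryptCbc(SecretKey key, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(blob, 0, CBC_IV_LEN));
        return c.doFinal(blob, CBC_IV_LEN, blob.length - CBC_IV_LEN);
    }

    /** AES-GCM; returns nonce || ciphertext || tag. The aad is authenticated, not encrypted. */
    static byte[] sealGcm(SecretKey key, byte[] plain, byte[] aad) throws GeneralSecurityException {
        byte[] nonce = new byte[GCM_NONCE_LEN];
        RNG.nextBytes(nonce); // a nonce must never repeat under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        c.updateAAD(aad);
        return concat(nonce, c.doFinal(plain));
    }

    /** Throws AEADBadTagException when the blob or the aad differs from what was sealed. */
    static byte[] openGcm(SecretKey key, byte[] blob, byte[] aad) throws GeneralSecurityException {
        if (blob.length < GCM_NONCE_LEN + GCM_TAG_BITS / 8) {
            throw new GeneralSecurityException("sealed value too short");
        }
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, blob, 0, GCM_NONCE_LEN));
        c.updateAAD(aad);
        return c.doFinal(blob, GCM_NONCE_LEN, blob.length - GCM_NONCE_LEN);
    }

    static boolean gcmAccepts(SecretKey key, byte[] blob, byte[] aad) throws GeneralSecurityException {
        try {
            openGcm(key, blob, aad);
            return true;
        } catch (AEADBadTagException e) {
            return false; // integrity check failed, no plaintext is released
        }
    }

    private static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample data: a property value and the path it is stored under.
        byte[] value = "constructed sample property value".getBytes(StandardCharsets.UTF_8);
        byte[] path = "/content/sample/jcr:content@secret".getBytes(StandardCharsets.UTF_8);
        byte[] otherPath = "/content/other/jcr:content@secret".getBytes(StandardCharsets.UTF_8);

        // CBC only: one changed bit in the stored blob yields different plaintext, no error.
        byte[] cbc = encryptCbc(key, value);
        cbc[0] ^= 0x01;
        byte[] altered = decryptCbc(key, cbc);
        System.out.println("CBC returned altered plaintext silently: " + !Arrays.equals(value, altered));

        // GCM: the untouched blob opens, a changed blob or a different path does not.
        byte[] gcm = sealGcm(key, value, path);
        System.out.println("GCM accepts original:        " + gcmAccepts(key, gcm, path));
        System.out.println("GCM accepts other path:      " + gcmAccepts(key, gcm, otherPath));
        gcm[gcm.length - 1] ^= 0x01;
        System.out.println("GCM accepts modified value:  " + gcmAccepts(key, gcm, path));
    }
}
```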
[jira] [Updated] (SLING-7244) Correct require capability for http whiteboard
[ https://issues.apache.org/jira/browse/SLING-7244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-7244: - Fix Version/s: (was: Security 1.1.8) Security 1.1.10 > Correct require capability for http whiteboard > -- > > Key: SLING-7244 > URL: https://issues.apache.org/jira/browse/SLING-7244 > Project: Sling > Issue Type: Bug > Components: Engine, Extensions >Affects Versions: i18n 2.5.8, Feature Flags 1.2.0, Engine 2.6.8, Security > 1.1.6 >Reporter: Carsten Ziegeler >Assignee: Carsten Ziegeler > Fix For: Feature Flags 1.2.2, Engine 2.6.10, Security 1.1.10, > i18n 2.5.10 > > > The require capability should not use a fixed version but a version range, > otherwise it will not resolve once we update the http implementation -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-7219) Add scope forward to ContentDispositionFilter
[ https://issues.apache.org/jira/browse/SLING-7219?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-7219. > Add scope forward to ContentDispositionFilter > - > > Key: SLING-7219 > URL: https://issues.apache.org/jira/browse/SLING-7219 > Project: Sling > Issue Type: Improvement > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Security 1.1.8 > > > The {{ContentDispositionFilter}} sets the filter scope to request > {code} > @Component(property={"sling.filter.scope=request", > "service.ranking:Integer=25000"}) > {code} > it would be good to add as well the scope forward -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SLING-7243) Improve validation in AuthUtil.isRedirectValid
Antonio Sanso created SLING-7243: Summary: Improve validation in AuthUtil.isRedirectValid Key: SLING-7243 URL: https://issues.apache.org/jira/browse/SLING-7243 Project: Sling Issue Type: Bug Components: Authentication Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor The validation in {{AuthUtil.isRedirectValid}} might be improved. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (SLING-7219) Add scope forward to ContentDispositionFilter
[ https://issues.apache.org/jira/browse/SLING-7219?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-7219. -- Resolution: Fixed Fix Version/s: Security 1.1.8 > Add scope forward to ContentDispositionFilter > - > > Key: SLING-7219 > URL: https://issues.apache.org/jira/browse/SLING-7219 > Project: Sling > Issue Type: Improvement > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Security 1.1.8 > > > The {{ContentDispositionFilter}} sets the filter scope to request > {code} > @Component(property={"sling.filter.scope=request", > "service.ranking:Integer=25000"}) > {code} > it would be good to add as well the scope forward -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-7219) Add scope forward to ContentDispositionFilter
[ https://issues.apache.org/jira/browse/SLING-7219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1687#comment-1687 ] Antonio Sanso commented on SLING-7219: -- resolved in 6807642..640ae29 > Add scope forward to ContentDispositionFilter > - > > Key: SLING-7219 > URL: https://issues.apache.org/jira/browse/SLING-7219 > Project: Sling > Issue Type: Improvement > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > Fix For: Security 1.1.8 > > > The {{ContentDispositionFilter}} sets the filter scope to request > {code} > @Component(property={"sling.filter.scope=request", > "service.ranking:Integer=25000"}) > {code} > it would be good to add as well the scope forward -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-7218) NPE in org.apache.sling.security.impl.ContentDispositionFilter#activate
[ https://issues.apache.org/jira/browse/SLING-7218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16221908#comment-16221908 ] Antonio Sanso commented on SLING-7218: -- [~kwin] this seems to have been introduced in SLING-6316. Before, the default value for {{contentDispostionExcludedPathsArray}} used to be {{""}}; now it is {{null}}. How do you suggest handling this? Putting back the default to {{""}} or handling the {{null}} value? > NPE in org.apache.sling.security.impl.ContentDispositionFilter#activate > --- > > Key: SLING-7218 > URL: https://issues.apache.org/jira/browse/SLING-7218 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso > > {noformat} > 09.10.2017 07:05:55.216 *ERROR* [FelixStartLevel] org.apache.sling.security > [org.apache.sling.security.impl.ContentDispositionFilter(96)] The activate > method has thrown an exception (java.lang.NullPointerException) > java.lang.NullPointerException: null > at java.util.Objects.requireNonNull(Objects.java:203) > at java.util.Arrays$ArrayList.(Arrays.java:3813) > at java.util.Arrays.asList(Arrays.java:3800) > 09.10.2017 07:05:55.219 *ERROR* [FelixDispatchQueue] org.apache.sling.engine > FrameworkEvent ERROR (org.osgi.framework.ServiceException: Service factory > returned null. (Component: > org.apache.sling.security.impl.ContentDispositionFilter (96))) > org.osgi.framework.ServiceException: Service factory returned null. > (Component: org.apache.sling.security.impl.ContentDispositionFilter (96)) > at > org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:380) > at > org.apache.felix.framework.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:247) > at > org.apache.felix.framework.ServiceRegistry.getService(ServiceRegistry.java:350) > {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SLING-7219) Add scope forward to ContentDispositionFilter
Antonio Sanso created SLING-7219: Summary: Add scope forward to ContentDispositionFilter Key: SLING-7219 URL: https://issues.apache.org/jira/browse/SLING-7219 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor The {{ContentDispositionFilter}} sets the filter scope to request {code} @Component(property={"sling.filter.scope=request", "service.ranking:Integer=25000"}) {code} it would be good to add as well the scope forward -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (SLING-7218) NPE in org.apache.sling.security.impl.ContentDispositionFilter#activate
[ https://issues.apache.org/jira/browse/SLING-7218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-7218: Assignee: Antonio Sanso > NPE in org.apache.sling.security.impl.ContentDispositionFilter#activate > --- > > Key: SLING-7218 > URL: https://issues.apache.org/jira/browse/SLING-7218 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SLING-7218) NPE in org.apache.sling.security.impl.ContentDispositionFilter#activate
Antonio Sanso created SLING-7218: Summary: NPE in org.apache.sling.security.impl.ContentDispositionFilter#activate Key: SLING-7218 URL: https://issues.apache.org/jira/browse/SLING-7218 Project: Sling Issue Type: Bug Components: Extensions Reporter: Antonio Sanso {noformat} 09.10.2017 07:05:55.216 *ERROR* [FelixStartLevel] org.apache.sling.security [org.apache.sling.security.impl.ContentDispositionFilter(96)] The activate method has thrown an exception (java.lang.NullPointerException) java.lang.NullPointerException: null at java.util.Objects.requireNonNull(Objects.java:203) at java.util.Arrays$ArrayList.(Arrays.java:3813) at java.util.Arrays.asList(Arrays.java:3800) 09.10.2017 07:05:55.219 *ERROR* [FelixDispatchQueue] org.apache.sling.engine FrameworkEvent ERROR (org.osgi.framework.ServiceException: Service factory returned null. (Component: org.apache.sling.security.impl.ContentDispositionFilter (96))) org.osgi.framework.ServiceException: Service factory returned null. (Component: org.apache.sling.security.impl.ContentDispositionFilter (96)) at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:380) at org.apache.felix.framework.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:247) at org.apache.felix.framework.ServiceRegistry.getService(ServiceRegistry.java:350) {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (SLING-7152) Unclosed ResourceResolver in org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2
[ https://issues.apache.org/jira/browse/SLING-7152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-7152. -- Resolution: Duplicate > Unclosed ResourceResolver in > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2 > - > > Key: SLING-7152 > URL: https://issues.apache.org/jira/browse/SLING-7152 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > > The SlingWebConsoleSecurityProvider it is handling the authentication but it > is not registering a servlet request listener to close the session at the end > of the request. > {noformat} > 15.09.2017 18:07:59.044 *INFO* [Apache Sling Resource Resolver Finalizer > Thread] > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl > Unclosed ResourceResolver was created here: > java.lang.Exception: Opening Stacktrace > at > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl$ResolverReference.(CommonResourceResolverFactoryImpl.java:521) > at > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.register(CommonResourceResolverFactoryImpl.java:218) > at > org.apache.sling.resourceresolver.impl.ResourceResolverImpl.(ResourceResolverImpl.java:101) > at > org.apache.sling.resourceresolver.impl.ResourceResolverImpl.(ResourceResolverImpl.java:94) > at > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolverInternal(CommonResourceResolverFactoryImpl.java:263) > at > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolver(CommonResourceResolverFactoryImpl.java:173) > at > org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolver(ResourceResolverFactoryImpl.java:105) > at > org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:791) > at > 
org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:506) > at > org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460) > at > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:69) > at > org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103) > at > org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:421) > at > org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:57) > at > org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:128) > at > org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) > at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812) > at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) > at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) > at org.eclipse.jetty.server.Server.handle(Server.java:499) > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) > at 
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) > at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) > at java.lang.Thread.run(Thread.java:745) > {noformat} > We should add this. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-7152) Unclosed ResourceResolver in org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2
[ https://issues.apache.org/jira/browse/SLING-7152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16189410#comment-16189410 ] Antonio Sanso commented on SLING-7152: -- [~cziegeler] of course you are right :S how about this other (simpler) approach? {code} Index: src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java === --- src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java (revision 1810355) +++ src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java (working copy) 
@@ -97,6 +97,12 @@ @Override public void logout(HttpServletRequest request, HttpServletResponse response) { this.authenticator.logout(request, response); +//SLING-7152 +Object resolverAttr = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); +if (resolverAttr instanceof ResourceResolver) { +((ResourceResolver) resolverAttr).close(); + request.removeAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); +} } {code} > Unclosed ResourceResolver in > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2 > - > > Key: SLING-7152 > URL: https://issues.apache.org/jira/browse/SLING-7152 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > > The SlingWebConsoleSecurityProvider it is handling the authentication but it > is not registering a servlet request listener to close the session at the end > of the request. > {noformat} > 15.09.2017 18:07:59.044 *INFO* [Apache Sling Resource Resolver Finalizer > Thread] > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl > Unclosed ResourceResolver was created here: > java.lang.Exception: Opening Stacktrace > at > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl$ResolverReference.(CommonResourceResolverFactoryImpl.java:521) > at > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.register(CommonResourceResolverFactoryImpl.java:218) > at > org.apache.sling.resourceresolver.impl.ResourceResolverImpl.(ResourceResolverImpl.java:101) > at > org.apache.sling.resourceresolver.impl.ResourceResolverImpl.(ResourceResolverImpl.java:94) > at > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolverInternal(CommonResourceResolverFactoryImpl.java:263) > at > org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolver(CommonResourceResolverFactoryImpl.java:173) > at > 
org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolver(ResourceResolverFactoryImpl.java:105) > at > org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:791) > at > org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:506) > at > org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460) > at > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:69) > at > org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103) > at > org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:421) > at > org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:57) > at > org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:128) > at > org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) > at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812) > at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) > at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) >
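Review bot: In the @@ -97,6 +97,12 @@ hunk the resolver stored under AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER is closed only inside logout(), while the "Opening Stacktrace" quoted in this message shows it being created from SlingWebConsoleSecurityProvider2.authenticate(), so a request that authenticates and never logs out still leaves it open. The close needs to sit at a point that runs at the end of every authenticated request, which is what the issue description asks for. The cleanup also follows this.authenticator.logout(request, response) without a try/finally, so an exception thrown by logout() skips it; wrapping the call so the close runs in the finally part would cover that.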
[jira] [Commented] (SLING-7152) Unclosed ResourceResolver in org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2
[ https://issues.apache.org/jira/browse/SLING-7152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16188115#comment-16188115 ] Antonio Sanso commented on SLING-7152: -- {code} Index: src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/AbstractWebConsoleSecurityProvider.java === --- src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/AbstractWebConsoleSecurityProvider.java (revision 1810355) +++ src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/AbstractWebConsoleSecurityProvider.java (working copy) @@ -23,8 +23,12 @@ import java.util.Dictionary; import java.util.HashSet; import java.util.Set; - +import javax.servlet.ServletRequest; +import javax.servlet.ServletRequestEvent; +import javax.servlet.ServletRequestListener; import org.apache.felix.webconsole.WebConsoleSecurityProvider; +import org.apache.sling.api.resource.ResourceResolver; +import org.apache.sling.auth.core.AuthenticationSupport; import org.osgi.service.cm.ConfigurationException; import org.osgi.service.cm.ManagedService; import org.slf4j.Logger; @@ -35,7 +39,7 @@ * It handles the configuration of the service. */ public abstract class AbstractWebConsoleSecurityProvider -implements WebConsoleSecurityProvider, ManagedService { +implements WebConsoleSecurityProvider, ManagedService, ServletRequestListener { // name of the property providing list of authorized users private static final String PROP_USERS = "users"; 
@@ -86,4 +90,19 @@ } return groups; } + +@Override +public void requestDestroyed(ServletRequestEvent sre) { +ServletRequest request = sre.getServletRequest(); +Object resolverAttr = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); +if (resolverAttr instanceof ResourceResolver) { +((ResourceResolver) resolverAttr).close(); + request.removeAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); +} +} + +@Override +public void requestInitialized(ServletRequestEvent sre) { +//nothing to do +} } Index: src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java === --- src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java (revision 1810355) +++ src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java (working copy) @@ -22,7 +22,7 @@ import java.util.Dictionary; import java.util.Hashtable; import java.util.concurrent.atomic.AtomicBoolean; - +import javax.servlet.ServletRequestListener; import org.apache.felix.webconsole.WebConsoleSecurityProvider; import org.apache.sling.launchpad.api.StartupListener; import org.apache.sling.launchpad.api.StartupMode; @@ -171,7 +171,7 @@ props.put(Constants.SERVICE_DESCRIPTION, "Apache Sling Web Console Security Provider 2"); props.put(Constants.SERVICE_VENDOR, "The Apache Software Foundation"); this.provider2Reg = this.bundleContext.registerService( -new String[] {ManagedService.class.getName(), WebConsoleSecurityProvider.class.getName()}, +new String[] {ManagedService.class.getName(), WebConsoleSecurityProvider.class.getName(), ServletRequestListener.class.getName()}, new SlingWebConsoleSecurityProvider2(authSupport, authenticator), props); this.registrationState = State.PROVIDER2; } 
@@ -182,7 +182,7 @@ props.put(Constants.SERVICE_DESCRIPTION, "Apache Sling Web Console Security Provider"); props.put(Constants.SERVICE_VENDOR, "The Apache Software Foundation"); this.providerReg = this.bundleContext.registerService( -new String[] {ManagedService.class.getName(), WebConsoleSecurityProvider.class.getName()}, new SlingWebConsoleSecurityProvider(repository), props); +new String[] {ManagedService.class.getName(), WebConsoleSecurityProvider.class.getName(), ServletRequestListener.class.getName()}, new SlingWebConsoleSecurityProvider(repository), props); this.registrationState = State.PROVIDER; } {code} attaching patch. [~cziegeler] WDYT? > Unclosed ResourceResolver in > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2 > - > > Key: SLING-7152 > URL: https://issues.apache.org/jira/browse/SLING-7152 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio
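Review bot: requestDestroyed() in the @@ -86,4 +90,19 @@ hunk of AbstractWebConsoleSecurityProvider closes whatever ResourceResolver it finds under AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER, with no check that this provider's own authenticate() call put it there. Depending on the context the listener ends up attached to, it can be called for requests other than web console ones, where the resolver may belong to code that closes it itself or still needs it. Suggest marking the request in authenticate() with a provider-private attribute and closing only when that marker is present, plus a short Javadoc on requestDestroyed() saying why the resolver is closed here.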
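Review bot: Both registerService calls changed in ServicesListener (@@ -171,7 +171,7 @@ and @@ -182,7 +182,7 @@) now publish ServletRequestListener, but the props visible in these hunks carry only SERVICE_DESCRIPTION and SERVICE_VENDOR; please confirm that the HTTP implementation picks the listener up for the web console's context without further service properties, and add them if it does not. The second hunk also registers the listener for SlingWebConsoleSecurityProvider(repository), which is constructed without the authenticator, so state whether that provider can ever have a resolver attribute to close, or implement the interface only in SlingWebConsoleSecurityProvider2 instead of the abstract base class.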
[jira] [Created] (SLING-7152) Unclosed ResourceResolver in org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2
Antonio Sanso created SLING-7152: Summary: Unclosed ResourceResolver in org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2 Key: SLING-7152 URL: https://issues.apache.org/jira/browse/SLING-7152 Project: Sling Issue Type: Bug Components: Extensions Reporter: Antonio Sanso Priority: Minor The SlingWebConsoleSecurityProvider it is handling the authentication but it is not registering a servlet request listener to close the session at the end of the request. {noformat} 15.09.2017 18:07:59.044 *INFO* [Apache Sling Resource Resolver Finalizer Thread] org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl Unclosed ResourceResolver was created here: java.lang.Exception: Opening Stacktrace at org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl$ResolverReference.(CommonResourceResolverFactoryImpl.java:521) at org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.register(CommonResourceResolverFactoryImpl.java:218) at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.(ResourceResolverImpl.java:101) at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.(ResourceResolverImpl.java:94) at org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolverInternal(CommonResourceResolverFactoryImpl.java:263) at org.apache.sling.resourceresolver.impl.CommonResourceResolverFactoryImpl.getResourceResolver(CommonResourceResolverFactoryImpl.java:173) at org.apache.sling.resourceresolver.impl.ResourceResolverFactoryImpl.getResourceResolver(ResourceResolverFactoryImpl.java:105) at org.apache.sling.auth.core.impl.SlingAuthenticator.getResolver(SlingAuthenticator.java:791) at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:506) at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460) at 
org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:69) at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103) at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:421) at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:57) at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:128) at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49) at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) at 
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) at java.lang.Thread.run(Thread.java:745) {noformat} We should add this. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (SLING-7152) Unclosed ResourceResolver in org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2
[ https://issues.apache.org/jira/browse/SLING-7152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-7152: Assignee: Antonio Sanso > Unclosed ResourceResolver in > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2 > - > > Key: SLING-7152 > URL: https://issues.apache.org/jira/browse/SLING-7152 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Minor > > The SlingWebConsoleSecurityProvider it is handling the authentication but it > is not registering a servlet request listener to close the session at the end > of the request. > We should add this. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6972) Add a request attribute in the SlingAuthenticator containing the list of request URI suffixes handled by the default authenticator
[ https://issues.apache.org/jira/browse/SLING-6972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-6972. > Add a request attribute in the SlingAuthenticator containing the list of > request URI suffixes handled by the default authenticator > -- > > Key: SLING-6972 > URL: https://issues.apache.org/jira/browse/SLING-6972 > Project: Sling > Issue Type: Improvement > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso > Fix For: Auth Core 1.4.0 > > > It would be useful to add a request attribute in the SlingAuthenticator > containing the list of request URI suffixes handled by the default > authenticator. In this way the login JSPs can post j_username and j_password > to the correct dynamic URI. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6957) Failing tests when updating version of org.apache.sling.serviceusermapper to 1.3.2
[ https://issues.apache.org/jira/browse/SLING-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16067838#comment-16067838 ] Antonio Sanso commented on SLING-6957: -- see also SLING-5667 > Failing tests when updating version of org.apache.sling.serviceusermapper to > 1.3.2 > -- > > Key: SLING-6957 > URL: https://issues.apache.org/jira/browse/SLING-6957 > Project: Sling > Issue Type: Bug > Components: JCR >Reporter: angela >Assignee: Antonio Sanso > Fix For: JCR Base 3.0.4 > > > when updating the version of {{org.apache.sling.serviceusermapper}} from > _1.0.0_ to _1.3.2_ within the pom.xml of {{org.apache.sling.jcr.base}}, the > build of this module fails the following tests: > {code} > Running org.apache.sling.jcr.base.RepositoryInitializersTest > Tests run: 4, Failures: 0, Errors: 4, Skipped: 0, Time elapsed: 0.155 sec <<< > FAILURE! - in org.apache.sling.jcr.base.RepositoryInitializersTest > inOrderInitializers(org.apache.sling.jcr.base.RepositoryInitializersTest) > Time elapsed: 0.121 sec <<< ERROR! 
> java.lang.RuntimeException: Unable to initialize JCR_MOCK resource resolver > factory: No matching activation method with name 'configure' found in class > org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl > at > org.apache.sling.testing.mock.sling.context.ContextResourceResolverFactory.get(ContextResourceResolverFactory.java:69) > at > org.apache.sling.testing.mock.sling.context.SlingContextImpl.newResourceResolverFactory(SlingContextImpl.java:107) > at > org.apache.sling.testing.mock.sling.context.SlingContextImpl.setUp(SlingContextImpl.java:98) > at > org.apache.sling.testing.mock.sling.junit.SlingContext.access$000(SlingContext.java:32) > at > org.apache.sling.testing.mock.sling.junit.SlingContext$1.before(SlingContext.java:113) > at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:46) > at org.junit.rules.RunRules.evaluate(RunRules.java:20) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) > at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) > at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) > at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) > at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) > at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) > at org.junit.runners.ParentRunner.run(ParentRunner.java:363) > at > org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:283) > at > org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:173) > at > org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153) > at > org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:128) > at > 
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:203) > at > org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155) > at > org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103) > Caused by: java.lang.RuntimeException: No matching activation method with > name 'configure' found in class > org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl > at > org.apache.sling.testing.mock.osgi.OsgiServiceUtil.activateDeactivate(OsgiServiceUtil.java:157) > at > org.apache.sling.testing.mock.osgi.MockOsgi.activate(MockOsgi.java:190) > at > org.apache.sling.testing.mock.sling.ResourceResolverFactoryInitializer.registerServiceIfNotPresent(ResourceResolverFactoryInitializer.java:160) > at > org.apache.sling.testing.mock.sling.ResourceResolverFactoryInitializer.ensureResourceResolverFactoryActivatorDependencies(ResourceResolverFactoryInitializer.java:117) > at > org.apache.sling.testing.mock.sling.ResourceResolverFactoryInitializer.setUp(ResourceResolverFactoryInitializer.java:74) > at > org.apache.sling.testing.mock.sling.MockSling.newResourceResolverFactory(MockSling.java:88) > at > org.apache.sling.testing.mock.sling.context.ContextResourceResolverFactory.get(ContextResourceResolverFactory.java:45) > at > org.apache.sling.testing.mock.sling.context.SlingContextImpl.newResourceResolverFactory(SlingContextImpl.java:107) > at > org.apache.sling.testing.mock.sling.context.SlingContextImpl.setUp(SlingContextImpl.java:98) > at >
[jira] [Resolved] (SLING-6957) Failing tests when updating version of org.apache.sling.serviceusermapper to 1.3.2
[ https://issues.apache.org/jira/browse/SLING-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-6957. -- Resolution: Fixed Fix Version/s: JCR Base 3.0.4 > Failing tests when updating version of org.apache.sling.serviceusermapper to > 1.3.2 > -- > > Key: SLING-6957 > URL: https://issues.apache.org/jira/browse/SLING-6957 > Project: Sling > Issue Type: Bug > Components: JCR >Reporter: angela >Assignee: Antonio Sanso > Fix For: JCR Base 3.0.4 > > > when updating the version of {{org.apache.sling.serviceusermapper}} from > _1.0.0_ to _1.3.2_ within the pom.xml of {{org.apache.sling.jcr.base}}, the > build of this module fails the following tests: > {code} > Running org.apache.sling.jcr.base.RepositoryInitializersTest > Tests run: 4, Failures: 0, Errors: 4, Skipped: 0, Time elapsed: 0.155 sec <<< > FAILURE! - in org.apache.sling.jcr.base.RepositoryInitializersTest > inOrderInitializers(org.apache.sling.jcr.base.RepositoryInitializersTest) > Time elapsed: 0.121 sec <<< ERROR! 
[jira] [Commented] (SLING-6957) Failing tests when updating version of org.apache.sling.serviceusermapper to 1.3.2
[ https://issues.apache.org/jira/browse/SLING-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16067836#comment-16067836 ] Antonio Sanso commented on SLING-6957: -- fixed in r1800232 > Failing tests when updating version of org.apache.sling.serviceusermapper to > 1.3.2 > -- > > Key: SLING-6957 > URL: https://issues.apache.org/jira/browse/SLING-6957 > Project: Sling > Issue Type: Bug > Components: JCR >Reporter: angela >Assignee: Antonio Sanso > Fix For: JCR Base 3.0.4 > > > when updating the version of {{org.apache.sling.serviceusermapper}} from > _1.0.0_ to _1.3.2_ within the pom.xml of {{org.apache.sling.jcr.base}}, the > build of this module fails the following tests: > {code} > Running org.apache.sling.jcr.base.RepositoryInitializersTest > Tests run: 4, Failures: 0, Errors: 4, Skipped: 0, Time elapsed: 0.155 sec <<< > FAILURE! - in org.apache.sling.jcr.base.RepositoryInitializersTest > inOrderInitializers(org.apache.sling.jcr.base.RepositoryInitializersTest) > Time elapsed: 0.121 sec <<< ERROR! 
[jira] [Resolved] (SLING-6972) Add a request attribute in the SlingAuthenticator containing the list of request URI suffixes handled by the default authenticator
[ https://issues.apache.org/jira/browse/SLING-6972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-6972. -- Resolution: Fixed Fix Version/s: Auth Core 1.3.28 fixed in r1799874 > Add a request attribute in the SlingAuthenticator containing the list of > request URI suffixes handled by the default authenticator > -- > > Key: SLING-6972 > URL: https://issues.apache.org/jira/browse/SLING-6972 > Project: Sling > Issue Type: Improvement > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso > Fix For: Auth Core 1.3.28 > > > It would be useful to add a request attribute in the SlingAuthenticator > containing the list of request URI suffixes handled by the default > authenticator. In this way the login JSPs can post j_username and j_password > to the correct dynamic URI. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6957) Failing tests when updating version of org.apache.sling.serviceusermapper to 1.3.2
[ https://issues.apache.org/jira/browse/SLING-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16057085#comment-16057085 ] Antonio Sanso commented on SLING-6957: -- related mailing thread http://www.mail-archive.com/dev@sling.apache.org/msg68743.html > Failing tests when updating version of org.apache.sling.serviceusermapper to > 1.3.2 > -- > > Key: SLING-6957 > URL: https://issues.apache.org/jira/browse/SLING-6957 > Project: Sling > Issue Type: Bug > Components: JCR >Reporter: angela >Assignee: Antonio Sanso > > when updating the version of {{org.apache.sling.serviceusermapper}} from > _1.0.0_ to _1.3.2_ within the pom.xml of {{org.apache.sling.jcr.base}}, the > build of this module fails the following tests: > {code} > Running org.apache.sling.jcr.base.RepositoryInitializersTest > Tests run: 4, Failures: 0, Errors: 4, Skipped: 0, Time elapsed: 0.155 sec <<< > FAILURE! - in org.apache.sling.jcr.base.RepositoryInitializersTest > inOrderInitializers(org.apache.sling.jcr.base.RepositoryInitializersTest) > Time elapsed: 0.121 sec <<< ERROR! 
[jira] [Assigned] (SLING-6972) Add a request attribute in the SlingAuthenticator containing the list of request URI suffixes handled by the default authenticator
[ https://issues.apache.org/jira/browse/SLING-6972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-6972: Assignee: Antonio Sanso > Add a request attribute in the SlingAuthenticator containing the list of > request URI suffixes handled by the default authenticator > -- > > Key: SLING-6972 > URL: https://issues.apache.org/jira/browse/SLING-6972 > Project: Sling > Issue Type: Improvement > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso > > It would be useful to add a request attribute in the SlingAuthenticator > containing the list of request URI suffixes handled by the default > authenticator. In this way the login JSPs can post j_username and j_password > to the correct dynamic URI. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (SLING-6972) Add a request attribute in the SlingAuthenticator containing the list of request URI suffixes handled by the default authenticator
Antonio Sanso created SLING-6972: Summary: Add a request attribute in the SlingAuthenticator containing the list of request URI suffixes handled by the default authenticator Key: SLING-6972 URL: https://issues.apache.org/jira/browse/SLING-6972 Project: Sling Issue Type: Improvement Components: Authentication Reporter: Antonio Sanso It would be useful to add a request attribute in the SlingAuthenticator containing the list of request URI suffixes handled by the default authenticator. In this way the login JSPs can post j_username and j_password to the correct dynamic URI. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6937) Referrer Filter: Allow Regex User Agent Exclusions
[ https://issues.apache.org/jira/browse/SLING-6937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-6937. > Referrer Filter: Allow Regex User Agent Exclusions > -- > > Key: SLING-6937 > URL: https://issues.apache.org/jira/browse/SLING-6937 > Project: Sling > Issue Type: Improvement > Components: Extensions >Affects Versions: Security 1.1.2 >Reporter: Dominique Jäggi >Assignee: Antonio Sanso > Fix For: Security 1.1.4 > > Attachments: > _SLING_6937___Referrer_Filter__Allow_Path_Exclusions-2.patch > > > For some cases it would be desirable to skip the referrer check altogether > for certain resource paths, instead of simply setting "Allow Empty Referrer", > thus weakening the security overall instead of only for a well known set of > paths for which it would be desirable. > For this reason i'd like to propose adding a path whitelist to the referrer > filter configuration. Patch attached. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6316) Clarify description of Content-Disposition-Filter configuration
[ https://issues.apache.org/jira/browse/SLING-6316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-6316. > Clarify description of Content-Disposition-Filter configuration > --- > > Key: SLING-6316 > URL: https://issues.apache.org/jira/browse/SLING-6316 > Project: Sling > Issue Type: Improvement > Components: Extensions >Affects Versions: Security 1.1.2 >Reporter: Konrad Windszus >Assignee: Konrad Windszus > Fix For: Security 1.1.4 > > Attachments: SLING-6316-v01.patch > > > From the description of the Apache "Sling Content Disposition Filter" > component > (https://github.com/apache/sling/blob/02fb326a008418c51482090814e4bff3cac657c7/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java#L52) > it is not clear, that under all circumstances the > {{content-disposition:attachment}} is only then set if on the current > resource either a {{jcr:data}} or {{jcr:content/jcr:data}} property is found. > That is important information when you want to understand/configure the > filter correctly. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (SLING-6957) Failing tests when updating version of org.apache.sling.serviceusermapper to 1.3.2
[ https://issues.apache.org/jira/browse/SLING-6957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-6957: Assignee: Antonio Sanso > Failing tests when updating version of org.apache.sling.serviceusermapper to > 1.3.2 > -- > > Key: SLING-6957 > URL: https://issues.apache.org/jira/browse/SLING-6957 > Project: Sling > Issue Type: Bug > Components: JCR >Reporter: angela >Assignee: Antonio Sanso > > when updating the version of {{org.apache.sling.serviceusermapper}} from > _1.0.0_ to _1.3.2_ within the pom.xml of {{org.apache.sling.jcr.base}}, the > build of this module fails the following tests: > {code} > Running org.apache.sling.jcr.base.RepositoryInitializersTest > Tests run: 4, Failures: 0, Errors: 4, Skipped: 0, Time elapsed: 0.155 sec <<< > FAILURE! - in org.apache.sling.jcr.base.RepositoryInitializersTest > inOrderInitializers(org.apache.sling.jcr.base.RepositoryInitializersTest) > Time elapsed: 0.121 sec <<< ERROR! > java.lang.RuntimeException: Unable to initialize JCR_MOCK resource resolver > factory: No matching activation method with name 'configure' found in class > org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl > at > org.apache.sling.testing.mock.sling.context.ContextResourceResolverFactory.get(ContextResourceResolverFactory.java:69) > at > org.apache.sling.testing.mock.sling.context.SlingContextImpl.newResourceResolverFactory(SlingContextImpl.java:107) > at > org.apache.sling.testing.mock.sling.context.SlingContextImpl.setUp(SlingContextImpl.java:98) > at > org.apache.sling.testing.mock.sling.junit.SlingContext.access$000(SlingContext.java:32) > at > org.apache.sling.testing.mock.sling.junit.SlingContext$1.before(SlingContext.java:113) > at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:46) > at org.junit.rules.RunRules.evaluate(RunRules.java:20) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) > at > 
[jira] [Updated] (SLING-6561) Test case for SLING-6271
[ https://issues.apache.org/jira/browse/SLING-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-6561: - Fix Version/s: Security 1.1.4 > Test case for SLING-6271 > > > Key: SLING-6561 > URL: https://issues.apache.org/jira/browse/SLING-6561 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Rob Ryan >Assignee: Antonio Sanso >Priority: Minor > Fix For: Security 1.1.4 > > Attachments: sling6271test.patch > > > Attached is a proposed unit test for the issue reported in SLING-6271. > In the case of setContentType being called before and after > requestDispatcher.forward() each with the same content type SLING-6271 > reported that the response ended up with no content type header. > The key aspect of forward() was that it calls reset() which clears all > headers on the response. > The attached patch adds test cases for two scenarios around this: in case a > content disposition header is also needed, or in case a content disposition > header is not needed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (SLING-6937) Referrer Filter: Allow Regex User Agent Exclusions
[ https://issues.apache.org/jira/browse/SLING-6937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16047787#comment-16047787 ] Antonio Sanso edited comment on SLING-6937 at 6/13/17 12:18 PM: fix in rev. r1798584 Thanks a lot [~djaeggi] for the patch. Thanks was (Author: asanso): fix in rev. r1784271 Thanks a lot [~djaeggi] for the patch. Thanks > Referrer Filter: Allow Regex User Agent Exclusions > -- > > Key: SLING-6937 > URL: https://issues.apache.org/jira/browse/SLING-6937 > Project: Sling > Issue Type: Improvement > Components: Extensions >Affects Versions: Security 1.1.2 >Reporter: Dominique Jäggi >Assignee: Antonio Sanso > Fix For: Security 1.1.4 > > Attachments: > _SLING_6937___Referrer_Filter__Allow_Path_Exclusions-2.patch > > > For some cases it would be desirable to skip the referrer check altogether > for certain resource paths, instead of simply setting "Allow Empty Referrer", > thus weakening the security overall instead of only for a well known set of > paths for which it would be desirable. > For this reason i'd like to propose adding a path whitelist to the referrer > filter configuration. Patch attached. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (SLING-6937) Referrer Filter: Allow Regex User Agent Exclusions
[ https://issues.apache.org/jira/browse/SLING-6937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-6937. -- Resolution: Fixed Fix Version/s: Security 1.1.4 fix in rev. r1784271 Thanks a lot [~djaeggi] for the patch. Thanks > Referrer Filter: Allow Regex User Agent Exclusions > -- > > Key: SLING-6937 > URL: https://issues.apache.org/jira/browse/SLING-6937 > Project: Sling > Issue Type: Improvement > Components: Extensions >Affects Versions: Security 1.1.2 >Reporter: Dominique Jäggi >Assignee: Antonio Sanso > Fix For: Security 1.1.4 > > Attachments: > _SLING_6937___Referrer_Filter__Allow_Path_Exclusions-2.patch > > > For some cases it would be desirable to skip the referrer check altogether > for certain resource paths, instead of simply setting "Allow Empty Referrer", > thus weakening the security overall instead of only for a well known set of > paths for which it would be desirable. > For this reason i'd like to propose adding a path whitelist to the referrer > filter configuration. Patch attached. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (SLING-6937) Referrer Filter: Allow Regex User Agent Exclusions
[ https://issues.apache.org/jira/browse/SLING-6937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-6937: Assignee: Antonio Sanso > Referrer Filter: Allow Regex User Agent Exclusions > -- > > Key: SLING-6937 > URL: https://issues.apache.org/jira/browse/SLING-6937 > Project: Sling > Issue Type: Improvement > Components: Extensions >Affects Versions: Security 1.1.2 >Reporter: Dominique Jäggi >Assignee: Antonio Sanso > Attachments: > _SLING_6937___Referrer_Filter__Allow_Path_Exclusions-2.patch > > > For some cases it would be desirable to skip the referrer check altogether > for certain resource paths, instead of simply setting "Allow Empty Referrer", > thus weakening the security overall instead of only for a well known set of > paths for which it would be desirable. > For this reason i'd like to propose adding a path whitelist to the referrer > filter configuration. Patch attached. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (SLING-6563) Authentication Requirement: Siblings of Nodes with AuthRequired starting with same name result in 302
[ https://issues.apache.org/jira/browse/SLING-6563?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-6563. > Authentication Requirement: Siblings of Nodes with AuthRequired starting with > same name result in 302 > - > > Key: SLING-6563 > URL: https://issues.apache.org/jira/browse/SLING-6563 > Project: Sling > Issue Type: Bug > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Blocker > > - create a page e.g. /content/foo > - enable Authentication requirement for this page > - request this page > => you get 302, redirected to login page, correct > - request /content/fooLubber > => expected is 404, but you get as well 302 redirected to login page. > - request /content/PrefixLubberfoo > => you get 404 as expected > Looks like the path check uses a .startsWith() resulting in incorrect pages > with same name start but different suffixes. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Closed] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-6053. > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
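The sibling-matching problem reported in SLING-6563 and SLING-6053 above, as an added example that is not part of the original messages and is not the Sling patch: it compares the plain `startsWith` check quoted in the issue with a boundary-aware check, and picks the longest matching path as discussed in the comments. The class, the `Holder` record and the method names are hypothetical, and treating both `/` and `.` as segment boundaries is an assumption of this example.

```java
import java.util.Comparator;
import java.util.List;
import java.util.Optional;

public class PathPrefixMatchDemo {

    /** Hypothetical stand-in for one registered authentication requirement. */
    record Holder(String path) {}

    interface Matcher {
        boolean matches(String requestPath, String holderPath);
    }

    /** The check quoted in the issue: a plain string-prefix test. */
    static boolean naiveMatch(String requestPath, String holderPath) {
        return requestPath.startsWith(holderPath);
    }

    /**
     * Boundary-aware check: the holder path must equal the request path or
     * end exactly where a new segment starts. Accepting '.' as a boundary
     * (so "/page.html" is covered by "/page") is an assumption of this
     * example; it keeps selectors and extensions working but cannot tell a
     * request for "/resource1.test.html" from a sibling named "/resource1.test".
     */
    static boolean boundaryMatch(String requestPath, String holderPath) {
        if (requestPath == null || holderPath == null || holderPath.isEmpty()) {
            return false;
        }
        if (holderPath.equals("/")) {
            return requestPath.startsWith("/");
        }
        // Ignore a trailing slash on the configured path.
        String base = holderPath.endsWith("/")
                ? holderPath.substring(0, holderPath.length() - 1)
                : holderPath;
        if (!requestPath.startsWith(base)) {
            return false;
        }
        if (requestPath.length() == base.length()) {
            return true;
        }
        char next = requestPath.charAt(base.length());
        return next == '/' || next == '.';
    }

    /** Longest matching holder path wins; empty means no holder applies. */
    static Optional<Holder> longestMatch(List<Holder> holders, String requestPath, Matcher matcher) {
        return holders.stream()
                .filter(h -> matcher.matches(requestPath, h.path()))
                .max(Comparator.comparingInt((Holder h) -> h.path().length()));
    }

    public static void main(String[] args) {
        // Constructed sample configuration, using the paths named in the issues.
        List<Holder> holders = List.of(
                new Holder("/page"),
                new Holder("/content/foo"),
                new Holder("/resource1"));

        // Constructed sample requests: exact hits, children, siblings, extensions.
        String[] requests = {
            "/page", "/page1", "/page/child", "/page.html",
            "/content/foo", "/content/fooLubber", "/content/PrefixLubberfoo",
            "/resource1.test.html", "/other"
        };

        for (String request : requests) {
            String naive = longestMatch(holders, request, PathPrefixMatchDemo::naiveMatch)
                    .map(Holder::path).orElse("(none)");
            String bounded = longestMatch(holders, request, PathPrefixMatchDemo::boundaryMatch)
                    .map(Holder::path).orElse("(none)");
            System.out.printf("%-26s naive=%-14s boundary=%s%n", request, naive, bounded);
        }
    }
}
```

With the plain prefix test, "/page1" and "/content/fooLubber" pick up the requirement configured for their siblings; with the boundary check they match nothing, while "/resource1.test.html" still resolves to "/resource1", which is the remaining heuristic case raised in the comments.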
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16004565#comment-16004565 ] Antonio Sanso commented on SLING-6053: -- [~kwin] on top bq. Therefore the longest match for "/resource1.test.html" is "/resource1". But actually the resource "/resource1" and "/resource1.test" are siblings! Still the authentication requirement for "resource1" is applied which is IMHO not intended! This would also happen in the current behavior. The difference is that the new behavior will save more scenarios (see my committed tests) > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16004561#comment-16004561 ] Antonio Sanso commented on SLING-6053: -- [~kwin] said that the committed patch and the current behavior are both heuristic. IMHO the current behavior is way worse than the one I proposed in my patch and you seemed to agree in https://issues.apache.org/jira/browse/SLING-6053?focusedCommentId=16000473=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16000473 . > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16004543#comment-16004543 ] Antonio Sanso commented on SLING-6053: -- [~kwin] gotcha now. Sorry if it took so long. > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16004521#comment-16004521 ] Antonio Sanso commented on SLING-6053: -- [~kwin] you probably might want to take a look at my previous comment https://issues.apache.org/jira/browse/SLING-6053?focusedCommentId=15885603=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15885603 > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16004423#comment-16004423 ] Antonio Sanso commented on SLING-6053: -- [~kwin] bq. . Then the AuthenticationHolder (not requiring authentication) applicable for /resource1 does also apply for its sibling resource /resource1.test which is not intended. AFAIK it will not > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16004373#comment-16004373 ] Antonio Sanso commented on SLING-6053: -- [~kwin] well, I wonder what the setting would be in your use case. If you need to have {{/resource1.test}} that does not require authentication you need to specify it (the default is that unless specified everything does require authentication) > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Resolved] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-6053. -- Resolution: Fixed Fix Version/s: Auth Core 1.3.26 > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16004335#comment-16004335 ] Antonio Sanso commented on SLING-6053: -- [~kwindszus] I added a test that covers your scenario in rev. 1794688 > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16002438#comment-16002438 ] Antonio Sanso commented on SLING-6053: -- applied patch in rev. 1794520 applied test patch from [~mkbrv] in rev 1794522. Thanks!! > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16000354#comment-16000354 ] Antonio Sanso commented on SLING-6053: -- [~kwin] I'd be inclined to apply this patch. Would you be fine with it ? > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6703) Sling Post Servlet: Do not hide original exception in AbstractPostResponse.setError
[ https://issues.apache.org/jira/browse/SLING-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15945118#comment-15945118 ] Antonio Sanso commented on SLING-6703: -- [~kwin] just guessing, the fact that you do not see this issue anymore might be a direct consequence of the loginAdministrative refactor done lately > Sling Post Servlet: Do not hide original exception in > AbstractPostResponse.setError > --- > > Key: SLING-6703 > URL: https://issues.apache.org/jira/browse/SLING-6703 > Project: Sling > Issue Type: Improvement > Components: Servlets >Affects Versions: Servlets Post 2.3.14 >Reporter: Konrad Windszus >Assignee: Konrad Windszus > Fix For: Servlets Post 2.3.16 > > > Currently {{AbstractPostResponse.setError}} > (https://github.com/apache/sling/blob/4df9ab2d6592422889c71fa13afd453a10a5a626/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java#L221) > always ignores the given {{Throwable}} and just creates a new generic > {{SlingException}}. > To e.g. allow {{SlingPostProcessor}} to throw meaningful exceptions which > occur in the response body, the given exception should not be wrapped but > just the given throwable's message text should be given out in the document. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Assigned] (SLING-6703) Sling Post Servlet: Do not create hide original exception in AbstractPostResponse.setError
[ https://issues.apache.org/jira/browse/SLING-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso reassigned SLING-6703: Assignee: (was: Antonio Sanso) > Sling Post Servlet: Do not create hide original exception in > AbstractPostResponse.setError > -- > > Key: SLING-6703 > URL: https://issues.apache.org/jira/browse/SLING-6703 > Project: Sling > Issue Type: Improvement > Components: Servlets >Affects Versions: Servlets Post 2.3.14 >Reporter: Konrad Windszus > Fix For: Servlets Post 2.3.16 > > > Currently {{AbstractPostResponse.setError}} > (https://github.com/apache/sling/blob/4df9ab2d6592422889c71fa13afd453a10a5a626/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java#L221) > always ignores the given {{Throwable}} and just creates a new generic > {{SlingException}}. > To e.g. allow {{SlingPostProcessor}} to throw meaningful exceptions which > occur in the response body, the given exception should not be wrapped but > just the given throwable's message text should be given out in the document. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15885681#comment-15885681 ] Antonio Sanso commented on SLING-6053: -- [~kwin] I did double check and it really looks like {{findApplicableHolders}} returns a sorted Collection ordered by length. This should avoid completely the problem you describe. Unless I am missing something... Thanks so far! > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15885603#comment-15885603 ] Antonio Sanso commented on SLING-6053: -- [~kwin] I need to check but I think that {{findApplicableHolders}} returns a sorted {{Collection}} ordered by length. Hence the problem you mentioned should not occur, right? Thanks about the wrong import. I will remove it. > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-6053: - Attachment: SLING-6053-patch.txt Attaching proposed patch. [~kwin] WDYT? > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15882611#comment-15882611 ] Antonio Sanso commented on SLING-6053: -- Thanks [~mkbrv] . So far I applied your test cases in r1784273. Putting one for now with {{@Ignore}} > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication >Affects Versions: Auth Core 1.3.18 >Reporter: Miklos Csere >Assignee: Antonio Sanso >Priority: Blocker > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6563) Authentication Requirement: Siblings of Nodes with AuthRequired starting with same name result in 302
[ https://issues.apache.org/jira/browse/SLING-6563?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso updated SLING-6563: - Fix Version/s: (was: SLING-6053) > Authentication Requirement: Siblings of Nodes with AuthRequired starting with > same name result in 302 > - > > Key: SLING-6563 > URL: https://issues.apache.org/jira/browse/SLING-6563 > Project: Sling > Issue Type: Bug > Components: Authentication >Reporter: Antonio Sanso >Assignee: Antonio Sanso >Priority: Blocker > > - create a page e.g. /content/foo > - enable Authentication requirement for this page > - request this page > => you get 302, redirected to login page, correct > - request /content/fooLubber > => expected is 404, but you get as well 302 redirected to login page. > - request /content/PrefixLubberfoo > => you get 404 as expected > Looks like the path check uses a .startsWith() resulting in incorrect pages > with same name start but different suffixes. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Closed] (SLING-6561) Test case for SLING-6271
[ https://issues.apache.org/jira/browse/SLING-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso closed SLING-6561. > Test case for SLING-6271 > > > Key: SLING-6561 > URL: https://issues.apache.org/jira/browse/SLING-6561 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Rob Ryan >Assignee: Antonio Sanso >Priority: Minor > Attachments: sling6271test.patch > > > Attached is a proposed unit test for the issue reported in SLING-6271. > In the case of setContentType being called before and after > requestDispatcher.forward() each with the same content type SLING-6271 > reported that the response ended up with no content type header. > The key aspect of forward() was that it calls reset() which clears all > headers on the response. > The attached patch adds test cases for two scenarios around this: in case a > content disposition header is also needed, or in case a content disposition > header is not needed. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6561) Test case for SLING-6271
[ https://issues.apache.org/jira/browse/SLING-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15882569#comment-15882569 ] Antonio Sanso commented on SLING-6561: -- applied patch from [~rr...@adobe.com] in r1784271 . Thanks > Test case for SLING-6271 > > > Key: SLING-6561 > URL: https://issues.apache.org/jira/browse/SLING-6561 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Rob Ryan >Assignee: Antonio Sanso >Priority: Minor > Attachments: sling6271test.patch > > > Attached is a proposed unit test for the issue reported in SLING-6271. > In the case of setContentType being called before and after > requestDispatcher.forward() each with the same content type SLING-6271 > reported that the response ended up with no content type header. > The key aspect of forward() was that it calls reset() which clears all > headers on the response. > The attached patch adds test cases for two scenarios around this: in case a > content disposition header is also needed, or in case a content disposition > header is not needed. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Resolved] (SLING-6561) Test case for SLING-6271
[ https://issues.apache.org/jira/browse/SLING-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Antonio Sanso resolved SLING-6561. -- Resolution: Done > Test case for SLING-6271 > > > Key: SLING-6561 > URL: https://issues.apache.org/jira/browse/SLING-6561 > Project: Sling > Issue Type: Bug > Components: Extensions >Reporter: Rob Ryan >Assignee: Antonio Sanso >Priority: Minor > Attachments: sling6271test.patch > > > Attached is a proposed unit test for the issue reported in SLING-6271. > In the case of setContentType being called before and after > requestDispatcher.forward() each with the same content type SLING-6271 > reported that the response ended up with no content type header. > The key aspect of forward() was that it calls reset() which clears all > headers on the response. > The attached patch adds test cases for two scenarios around this: in case a > content disposition header is also needed, or in case a content disposition > header is not needed. -- This message was sent by Atlassian JIRA (v6.3.15#6346)