This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/sling-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new e358ba1 Automatic website deployment from
https://ci-builds.apache.org/job/Sling/job/modules/job/sling-site/job/master/10/
e358ba1 is described below
commit e358ba170113c373ab91c594cb900d09f4b92d65
Author: jenkins <[email protected]>
AuthorDate: Tue Aug 25 08:38:27 2020 +0000
Automatic website deployment from
https://ci-builds.apache.org/job/Sling/job/modules/job/sling-site/job/master/10/
---
.../mappings-for-resource-resolution.html | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git
a/documentation/the-sling-engine/mappings-for-resource-resolution.html
b/documentation/the-sling-engine/mappings-for-resource-resolution.html
index d229660..83aa69f 100644
--- a/documentation/the-sling-engine/mappings-for-resource-resolution.html
+++ b/documentation/the-sling-engine/mappings-for-resource-resolution.html
@@ -326,6 +326,19 @@ for (String segment: segments) {
<li>delete the vanityBloomFilter.txt file</li>
<li>start Apache Sling (this might take few minutes, depending on how many
vanity path entries are present)</li>
</ul>
+<h2><a href="#interactions-between-mappings-and-authentication-requirements"
id="interactions-between-mappings-and-authentication-requirements">Interactions
between mappings and authentication requirements</a></h2>
+<p>The <a href="/documentation/the-sling-engine/authentication.html">Sling
authentication</a> mechanism works by registering authentication requirements
for paths which are protected. Normally these authentication requirements
transparently apply to child resources as well due to the hierarchical nature
of the paths used.</p>
+<p>Additional mappings complicate the situation, therefore additional
authentication requirements are automatically registered by Sling. For
instance, assuming the following repository structure:</p>
+<p><code>/content +-- parent +-- sling:alias = "secret" +--
child</code></p>
+<p>and that <code>/content/parent</code> is a protected resource,
authentication requirements will automatically be registered for both
<code>/content/parent</code> and <code>/content/secret</code>.</p>
+<p>One scenario where authentication requirements will not be registered
properly is when the child of a protected resource has an external vanity path
( or resource mapping ) that is not a descendant of an existing authentication
requirement, such as:</p>
+<p><code>/content +-- parent +-- child +-- sling:vanityPath =
"/vanity"</code></p>
+<p>In this scenario no authentication requirement will be registered for
<code>/vanity</code>, which lead to the resource being accessible without
authentication. If registering mappings for children of protected resources is
desired, the following precautions must be taken:</p>
+<ul>
+<li>use external redirects. These will instruct the client to generate a new
HTTP request, which will be properly handled by the Sling authentication</li>
+<li>manually set up authentication reqiurements for internal mappings</li>
+</ul>
+<p>For an in-depth discussion on the matter, see <a
href="https://issues.apache.org/jira/browse/SLING-9622";>SLING-9622 - Avoid
registration of auth requirements for aliases and vanity paths</a>.</p>
<h2><a href="#namespace-mangling" id="namespace-mangling">Namespace
Mangling</a></h2>
<p>There are systems accessing Sling, which have a hard time handling URLs
containing colons (<code>:</code>) in the path part correctly. Since URLs
produced and supported by Sling may contain colons as JCR based resources may
be namespaced (e.g. <code>jcr:content</code>), a special namespace mangling
feature is built into the <code>ResourceResolver.resolve(...)</code> and
<code>ResourceResolver.map(...)</code> methods.</p>
<p>Namespace mangling operates such, that any namespace prefix identified in a
resource path to be mapped as an URL in the <code>map</code> methods is
modified such that the prefix is enclosed in underscores and the colon is
removed.</p>
@@ -349,7 +362,7 @@ for (String segment: segments) {
</div><footer class="footer">
<div class="content has-text-centered is-small">
<div class="revisionInfo">
- Last modified by <span class="author">Robert
Munteanu</span> on <span class="comment">Fri Aug 7 15:34:21 2020 +0200</span>
+ Last modified by <span class="author">Robert
Munteanu</span> on <span class="comment">Tue Aug 25 10:34:25 2020 +0200</span>
</div> <p>
Apache Sling, Sling, Apache, the Apache feather logo,
and the Apache Sling project logo are trademarks of The Apache Software
Foundation. All other marks mentioned may be trademarks or registered
trademarks of their respective owners.
</p><p>
