joerghoh commented on code in PR #37:
URL:
https://github.com/apache/sling-org-apache-sling-servlets-resolver/pull/37#discussion_r1237045543
##########
src/main/java/org/apache/sling/servlets/resolver/internal/helper/LocationCollector.java:
##########
@@ -208,4 +209,75 @@ private void collectPaths() {
}
return rst;
}
+
+ /**
+ * Resolve a path to a resource; the cacheMap is used for it.
+ * @param path the path
+ * @return the resource for it or null
+ */
+ private @Nullable Resource resolveResource(@NotNull String path) {
+ if (cacheMap.containsKey(path)) {
+ return cacheMap.get(path);
+ } else {
+ Resource r = resolver.getResource(path);
+ cacheMap.put(path, r);
+ return r;
+ }
+ }
+
+
+
+ // ---- static helpers ---
+
+ static @NotNull List<Resource> getLocations(String resourceType, String
resourceSuperType, String baseResourceType,
+ ResourceResolver resolver) {
+
+ @SuppressWarnings("unchecked")
+ Map<String,Resource> m = (Map<String,Resource>)
resolver.getPropertyMap().get(CACHE_KEY);
+ if (m == null) {
+ m = new HashMap<>();
+ resolver.getPropertyMap().put(CACHE_KEY, m);
Review Comment:
The ``propertyMap`` of the ResourceResolver is "public" in a way, that
everyone who has access to that ResourceResolver can read and write it. That
means that any code accessing it can read and modify it.
I don't think that this is a big security concern, because at that point if
you have access to that object, you have your code already running in the JVM.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
