On 04.11.11 22:03, "Justin Edelson" <[email protected]> wrote:
>On Fri, Nov 4, 2011 at 6:13 AM, Felix Meschberger <[email protected]> >wrote: >>So I am contemplating the following change to the >>SlingAuthenticator.handleSecurity method: If the method would return >>with true (indicating regular request processing) but the request is >>POST to .../j_security_check, then the request should actually fail with >>a 403. +1 >But I'd suggest making this a configurable list of paths, defaulting >to /j_security_check +1 Alex -- Alexander Klimetschek Developer // Adobe (Day) // Berlin - Basel
