[
https://issues.apache.org/jira/browse/SLING-2592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ian Boston resolved SLING-2592.
-------------------------------
Resolution: Fixed
Fix Version/s: Auth Core 1.1.2
> Anonymous/nonanonymous access grant is not effective for mapped paths.
> ----------------------------------------------------------------------
>
> Key: SLING-2592
> URL: https://issues.apache.org/jira/browse/SLING-2592
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.0.6
> Reporter: Dominik Smogór
> Assignee: Ian Boston
> Fix For: Auth Core 1.1.2
>
> Attachments: authcore-SLING-2592.patch
>
>
> I'm using sling with CQ 5.4 with a custom authentication handler and custom
> auth info provider (one that sets "sling.auth.requirements" property). The
> handler expects requestCredentials to be called for some paths. When any of
> them is mapped (requestResolver.map returns full http URL) the
> SlingAuthenticator fails to recognize path as non anonymous and the request
> processing ends with 404 error instead of login page redirect.
> What is changed by the path:
> Without the patch, the following code:
> final Map<String, List<Type>> byHostMap = cache.get(request.getScheme());
> if ( byHostMap != null ) {
> result[0] = byHostMap.get(hostname);
> result[1] = byHostMap.get("");
> }
> was not effective.
> The code retrieves a Holder from the cache keeping mapped paths as mapped
> paths include both scheme and hostname.
> The returned result array is processed top-bottom by the caller.
> Thanks to the patch, a shortened (mapped) path can be found in the "http
> indexed" cache, and authentication request can be issued.
> The change might possibly cause existing code that, is based on this
> misbehavior to no longer work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
