Carsten Ziegeler created SLING-3482:
---------------------------------------

             Summary: Synthetic resources should lead to a 404
                 Key: SLING-3482
                 URL: https://issues.apache.org/jira/browse/SLING-3482
             Project: Sling
          Issue Type: Bug
          Components: ResourceResolver
    Affects Versions: Resource Resolver 1.0.6
            Reporter: Carsten Ziegeler
            Assignee: Carsten Ziegeler
             Fix For: Resource Resolver 1.1.0


If e.g. /libs is requested by a user who does not have access to /libs, a 
synthetic resource for libs is returned which is then rendered.
This is due to the special handling for servlet resources which are mounted at 
/libs/....
I think the code in ResourceProviderEntry#getInternalResource is too generic:
            if (entries.size() > 0 && entries.size() == elements.length) {
                if (entries.get(entries.size() - 1).getResourceProviders().length == 0) {
                    logger.debug("Resolved Synthetic {}", fullPath);
                    return new SyntheticResource(resourceResolver, fullPath, ResourceProvider.RESOURCE_TYPE_SYNTHETIC);
                }
            }

However, fixing this might break other parts like the servlet resolver relying 
on it.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
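
An added illustration, not part of the original issue and not Sling's code: a simplified model of the quoted condition, showing how a path that is only a parent of a mounted servlet path resolves to a synthetic resource, and a request-level check that maps synthetic results to 404 as the summary asks. The class, the mount path and the "synthetic"/"servlet" type strings are assumptions; a user lacking access to /libs is modelled as no provider answering for that path.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model (assumption, not Sling code): a tree of mount-point entries
// where only some entries have a resource provider attached.
public class SyntheticResourceDemo {
    static final String SYNTHETIC = "synthetic"; // stand-in for RESOURCE_TYPE_SYNTHETIC

    static class Entry {
        final Map<String, Entry> children = new HashMap<>();
        boolean hasProvider; // true only where a provider is actually mounted
    }

    static final Entry root = new Entry();

    // Registers a provider at path, creating provider-less parent entries on the way.
    static void mount(String path) {
        Entry e = root;
        for (String el : path.substring(1).split("/")) {
            e = e.children.computeIfAbsent(el, k -> new Entry());
        }
        e.hasProvider = true;
    }

    // Mirrors the quoted condition: every path element matched an entry and the
    // last entry has no provider, so a synthetic resource is returned.
    // Returns the resource type, or null when nothing resolves.
    static String resolve(String path) {
        Entry e = root;
        for (String el : path.substring(1).split("/")) {
            e = e.children.get(el);
            if (e == null) return null;
        }
        return e.hasProvider ? "servlet" : SYNTHETIC;
    }

    // One possible request-level handling (assumption): synthetic means 404.
    static int status(String path) {
        String type = resolve(path);
        return (type == null || SYNTHETIC.equals(type)) ? 404 : 200;
    }

    public static void main(String[] args) {
        mount("/libs/example/servlet"); // constructed mount point
        String[] paths = {"/libs", "/libs/example", "/libs/example/servlet", "/apps"};
        for (String p : paths) {
            System.out.println(p + " -> type=" + resolve(p) + ", status=" + status(p));
        }
    }
}
```

Without the check in status(), /libs and /libs/example would be handed on for rendering even though no provider returned content for them; they differ from /apps only in the resolved type.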
