Jörg Hoh created SLING-4749:
-------------------------------

             Summary: Request using "sling:bg=true" causes StackOverflow when no read access to /var
                 Key: SLING-4749
                 URL: https://issues.apache.org/jira/browse/SLING-4749
             Project: Sling
          Issue Type: Bug
          Components: Extensions
    Affects Versions: Background Servlet 1.0.0
            Reporter: Jörg Hoh


I have a system where the anonymous user does not have read access to /var/bg. 
When I do a call to it (for example: http://localhost:4503/?sling:bg=true), it 
returns with an internal server error. The log shows a stack overflow exception, 
caused by

{code}
...
at org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
at org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
...
{code}

Looking at this line in the code, I see a recursive call of deepCreateNode, 
which is executed when the item itself does not exist. That is true from the 
view of an anonymous session, which doesn't have read access to nodes beneath 
/var.

The code should be improved so that it either checks with an admin session that 
the path exists but is simply not readable, or preferably adds some detection 
that it has already reached "/" and that it doesn't make sense to continue 
then.






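The failure mode described in the report, as an added example that is not the Sling source code: a simplified model where a session treats unreadable paths as nonexistent, comparing a parent-recursing create with one that stops at "/". The class, its helpers and the sample paths are hypothetical, and it assumes the session can see no ancestor of the target, the root included.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model (an assumption, not the Sling implementation): the repository
// is a set of paths, and a session only "sees" the paths it is allowed to read.
public class DeepCreateDemo {
    static final Set<String> repo = new HashSet<>(Set.of("/", "/var", "/var/bg"));
    static Set<String> readable = Set.of();            // constructed: anonymous reads nothing

    // Like a session view: an unreadable item is reported as absent.
    static boolean itemExists(String path) {
        return repo.contains(path) && readable.contains(path);
    }

    static String parentOf(String path) {
        int slash = path.lastIndexOf('/');
        return slash <= 0 ? "/" : path.substring(0, slash);
    }

    // Naive: recurse to the parent whenever the item is not visible.
    // parentOf("/") is "/", so an invisible root never terminates.
    static void naiveDeepCreate(String path) {
        if (itemExists(path)) return;
        naiveDeepCreate(parentOf(path));
        repo.add(path);
    }

    // Guarded: reaching "/" without seeing it is an access problem, not a missing node.
    static void guardedDeepCreate(String path) {
        if (itemExists(path)) return;
        if ("/".equals(path)) {
            throw new IllegalStateException("root not visible to this session; check read access");
        }
        guardedDeepCreate(parentOf(path));
        repo.add(path);
    }

    public static void main(String[] args) {
        String target = "/var/bg/2015/05";              // constructed sample path
        try { naiveDeepCreate(target); }
        catch (StackOverflowError e) { System.out.println("naive: StackOverflowError"); }
        try { guardedDeepCreate(target); }
        catch (IllegalStateException e) { System.out.println("guarded: " + e.getMessage()); }

        readable = Set.of("/", "/var", "/var/bg");      // session with read access
        guardedDeepCreate(target);
        System.out.println("created with read access: " + repo.contains(target));
    }
}
```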