[
https://issues.apache.org/jira/browse/SLING-4748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14559081#comment-14559081
]
Jörg Hoh commented on SLING-4748:
---------------------------------
Looks better now, thanks! No StackOverflowException anymore. We probably need
to handle a resulting "AccessDeniedException" better, but that's something for
another ticket.
> Request using "sling:bg=true" causes StackOverflow when no read access to /var
> ------------------------------------------------------------------------------
>
> Key: SLING-4748
> URL: https://issues.apache.org/jira/browse/SLING-4748
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Background Servlet 1.0.0
> Reporter: Jörg Hoh
> Assignee: Bertrand Delacretaz
> Fix For: Background Servlet 1.0.0
>
>
> I have a system, where the anonymous user does not have read access to
> /var/bg. When I do a call to it (for example:
> http://localhost:4503/?sling:bg=true";, it returns with a internal server
> error. The log shows a stackoverflow exception, caused by
> {code}
> ...
> at
> org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
> at
> org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
> ...
> {code}
> Looking at this line in the code I see a recursive call of deepCreateNode,
> which is executed, when the item itself does not exist. Which is true from
> the view of an anonymous session, which doesn't have read access to nodes
> beneath /var.
> The code should be improved, so it does either check with an admin session
> that the path exists, but is simply not readable, or preferably add some
> detection, that it has already reached "/" and that it doesn't make sense to
> continue then.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
