[jira] [Commented] (SLING-6053) SlingAuthenticator identifies wrong sibling node with AuthenticationInfo

Tue, 13 Sep 2016 07:07:29 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15487297#comment-15487297
 ] 

ASF GitHub Bot commented on SLING-6053:
---------------------------------------

GitHub user mkbrv opened a pull request:

    https://github.com/apache/sling/pull/172

    Bug/sling 6053 slingauthenticator wrong sibling node

    https://issues.apache.org/jira/browse/SLING-6053 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mkbrv/sling 
bug/SLING-6053-slingauthenticator-wrong-sibling-node

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/sling/pull/172.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #172
    
----
commit 396542fe8602f347ae257881dd6a3fa36ec688fb
Author: Miklos Csere <[email protected]>
Date:   2016-09-13T13:18:25Z

    SLING-6053
    SlingAuthenticator identifies wrong sibling node with AuthenticationInfo

commit 424e4124a864a990ed02650b0c1993a7bce3f22f
Author: Miklos Csere <[email protected]>
Date:   2016-09-13T14:03:54Z

    SLING-6053
    SlingAuthenticator identifies wrong sibling node with AuthenticationInfo  - 
solution with test coverage.

commit c9b687d4f27ea060125d666191748d86600e059f
Author: Miklos Csere <[email protected]>
Date:   2016-09-13T14:05:38Z

    SLING-6053
    SlingAuthenticator identifies wrong sibling node with AuthenticationInfo  - 
solution with test coverage.

----


> SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
> ------------------------------------------------------------------------
>
>                 Key: SLING-6053
>                 URL: https://issues.apache.org/jira/browse/SLING-6053
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.3.18
>            Reporter: Miklos Csere
>
> Issue can be reproduced with the following steps:
>     Create node "/page" 
>     Create sibling node "/page1"
>     Define a protection handler for node: "/page"
> Expected: 
>             "/page" has AuthenticationInfo
>              "/page1" does not have AuthenticationInfo (has anonymous)
>   
> Actual:  "/page" & "page1" are both having AuthenticationInfo
>      
> Reason: SlingAuthenticator.java line 726:  if (path.startsWith(holder.path)) 
> Warning: The same check is used in 4 more places in code with similar 
> behaviour.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to