[
https://issues.apache.org/jira/browse/SLING-6191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15609626#comment-15609626
]
Jörg Hoh commented on SLING-6191:
---------------------------------
I think, that it's correct that the user session is used to create the node in
/var/bg/jobs. Using a service user would allow everyone (even the anonymous
user) to create a background job, which would be a huge problem.
So if you need to grant access for certain users to that folder, you can easily
restrict access to use this feature. When you use a service user, you need to
implement another mechanism to restrict access.
> Background servlets uses the user's session to create job node
> --------------------------------------------------------------
>
> Key: SLING-6191
> URL: https://issues.apache.org/jira/browse/SLING-6191
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Background Servlets 1.0.6
> Reporter: Santiago García Pimentel
>
> When you call a background servlet, it will create a node by default in
> /var/bg/jobs. This is done using the same session of the user that made the
> request.
> This causes problems since it is possible that the user does not have write
> access to that directory. If this is the case the request will fail due to an
> AccessDeniedException.
> Also, the node doesn't seem exist by default, so you have to manually create
> it to apply any permissions to it.
> Instead the job node should be created with a dedicated user.
> I reproduced this with org.apache.sling.bgservlets 1.0.6
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
