Antonio Sanso created SLING-6563:
------------------------------------

             Summary: Authentication Requirement: Siblings of Nodes with 
AuthRequired starting with same name result in 302
                 Key: SLING-6563
                 URL: https://issues.apache.org/jira/browse/SLING-6563
             Project: Sling
          Issue Type: Bug
          Components: Authentication
            Reporter: Antonio Sanso
            Assignee: Antonio Sanso


- create a page e.g. /content/foo
- enable Authentication requirement for this page
- request this page

=> you get 302, redirected to login page, correct

- request  /content/fooLubber

=> expected is 404, but you get as well 302 redirected to login page.

- request /content/PrefixLubberfoo
=> you get 404 as expected

Looks like the path check uses a .startsWith() resulting in incorrect pages 
with same name start but different suffices.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to