Antonio Sanso created SLING-6563:
------------------------------------
Summary: Authentication Requirement: Siblings of Nodes with
AuthRequired starting with same name result in 302
Key: SLING-6563
URL: https://issues.apache.org/jira/browse/SLING-6563
Project: Sling
Issue Type: Bug
Components: Authentication
Reporter: Antonio Sanso
Assignee: Antonio Sanso
- create a page e.g. /content/foo
- enable Authentication requirement for this page
- request this page
=> you get 302, redirected to login page, correct
- request /content/fooLubber
=> expected is 404, but you get as well 302 redirected to login page.
- request /content/PrefixLubberfoo
=> you get 404 as expected
Looks like the path check uses a .startsWith() resulting in incorrect pages
with same name start but different suffices.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)