[
https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16004357#comment-16004357
]
Konrad Windszus commented on SLING-6053:
----------------------------------------
[~asanso] IIUC then
https://github.com/apache/sling/commit/e78b6b0c6f3ca85d4c21440b45dca6fe02345942#diff-b4de7814d0639d73de908946d425e8f1R246
only tests where both {{/resource1}} and {{/resource1.test}} have an
AuthenticationInfo bound.
But my use case is different. I only have set an AuthenticationInfo to
{{/resource1}} and none set on {{/resource1.test}}. Still I assume that with
your fix {{//resource1.test}} would be covered by the AuthenticationInfo set
for {{/resource1}}. Isn't that right?
> SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
> ------------------------------------------------------------------------
>
> Key: SLING-6053
> URL: https://issues.apache.org/jira/browse/SLING-6053
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.3.18
> Reporter: Miklos Csere
> Assignee: Antonio Sanso
> Priority: Blocker
> Fix For: Auth Core 1.3.26
>
> Attachments: SLING-6053-patch.txt
>
>
> Issue can be reproduced with the following steps:
> Create node "/page"
> Create sibling node "/page1"
> Define a protection handler for node: "/page"
> Expected:
> "/page" has AuthenticationInfo
> "/page1" does not have AuthenticationInfo (has anonymous)
>
> Actual: "/page" & "page1" are both having AuthenticationInfo
>
> Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path))
> Warning: The same check is used in 4 more places in code with similar
> behaviour.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
