[
https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16004565#comment-16004565
]
Antonio Sanso commented on SLING-6053:
--------------------------------------
[~kwin]
on top
bq. Therefore the longest match for "/resource1.test.html" is "/resource1". But
actually the resource "/resource1" and "/resource1.test" are siblings! Still
the authentication requirement for "resource1" is applied which is IMHO not
intended!
This would also happen in the current behavior. The difference is that the new
behavior will save more scenarios (see my committed tests)
> SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
> ------------------------------------------------------------------------
>
> Key: SLING-6053
> URL: https://issues.apache.org/jira/browse/SLING-6053
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.3.18
> Reporter: Miklos Csere
> Assignee: Antonio Sanso
> Priority: Blocker
> Fix For: Auth Core 1.3.26
>
> Attachments: SLING-6053-patch.txt
>
>
> Issue can be reproduced with the following steps:
> Create node "/page"
> Create sibling node "/page1"
> Define a protection handler for node: "/page"
> Expected:
> "/page" has AuthenticationInfo
> "/page1" does not have AuthenticationInfo (has anonymous)
>
> Actual: "/page" & "page1" both have AuthenticationInfo
>
> Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path))
> Warning: The same check is used in 4 more places in code with similar
> behaviour.