[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16004589#comment-16004589 ]
Konrad Windszus commented on SLING-6053: ---------------------------------------- Yes right, but the current behaviour is more complicated to describe.The previous one was just a prefix (request) path matching. Now there is a heuristic which tries to determine the resource path from the request path by ignoring the parts after the first ".". This is invalid (in case the resource name includes a "." itself). I would propose to investigate whether the resource resolver can be leveraged here to really determine the correct resource path from the given request path. > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > ------------------------------------------------------------------------ > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication > Affects Versions: Auth Core 1.3.18 > Reporter: Miklos Csere > Assignee: Antonio Sanso > Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)