Eric Norman created SLING-7816:
----------------------------------
Summary: The GetAclServlet and GetEffectiveAclServlet components
should be only mapped to the json extension
Key: SLING-7816
URL: https://issues.apache.org/jira/browse/SLING-7816
Project: Sling
Issue Type: Bug
Affects Versions: JCR Jackrabbit Access Manager 3.0.0
Reporter: Eric Norman
Fix For: JCR Jackrabbit Access Manager 3.0.2
The GetAclServlet and GetEffectiveAclServlet are missing the
"sling.servlet.extensions=json" property which means that those servlets may
get unintentionally mapped to other (non-json) file extensions.
This defect can prevent the developer from providing a custom
libs/sling/servlet/default/acl.html script to provide an HTML view of the acl
of a JCR node.
For example, without the missing "sling.servlet.extensions=json" property, a
request to /node.acl.html may return the json response instead of the expected
response from the acl.html script.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
