Felix, 1) The problem is controlling the message. Many folks, very reasonably, want to control exactly how they serve their content (from their "trusted" domain) so its taken in context. For example, in Pharma, if i have a page resource, and the body paragraph and the disclaimer content is maintained in separate nodes and/or properties, i do not want there to be *ANY WAY* for to serve up the content without the disclaimer (if someone links straight to the body property, patients could see this content served from www.im-a-pharma.com and the Pharma company could have *big* legal issues. This is an extreme (legal) example, but its very reasonable for folks to control how their messages are made available. Default renditions make this di
2) A number of people have alluded to property level ACLs (lars did as well in a thread I started ahwile back), however I have not been able to locate the exact mechanism for this. The closest I can find is the Jackrabbit ACL GlobPattern which, AFIAT, does node level restrictions, not property-level. [1] Have I been misinterpretion the suggestions and it Is really to move any "permissioned properties" into a subnode (or some other node) and ACE that node? [1] http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html Thanks! On Mon, Nov 19, 2012 at 3:58 AM, Felix Meschberger <[email protected]> wrote: > Hi, > > A property also resolves to a Resource when accessed and the default get > servlet sends it as a response. > > What's the problem here ? > > You might want to use access control to prevent this. > > Regards > Felix > > Am 16.11.2012 um 22:06 schrieb David G.: > >> Is there a way to prevent making a GET for the full path to a property >> to NOT return the property's value: >> >> HTTP GET /content/site/page/jcr:content/page-property ==> "this is >> the page property value" >> >> I want it to return nothing -- i would be find being able to control >> this on a per-resourcetype basis as well. >> >> I did not see this an a option on the Sling GET Servlet. Is it >> configured someplace else perhaps? >> >> Thanks! >
