Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Duplicate
-
None
-
None
-
None
Description
- create a page e.g. /content/foo
- enable Authentication requirement for this page
- request this page
=> you get 302, redirected to login page, correct
- request /content/fooLubber
=> expected is 404, but you get as well 302 redirected to login page.
- request /content/PrefixLubberfoo
=> you get 404 as expected
Looks like the path check uses a .startsWith() resulting in incorrect pages with same name start but different suffices.
Attachments
Issue Links
- duplicates
-
SLING-6053 SlingAuthenticator identifies wrong sibling node with AuthenticationInfo
- Closed