Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-6563

Authentication Requirement: Siblings of Nodes with AuthRequired starting with same name result in 302

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Duplicate
    • None
    • None
    • Authentication
    • None

    Description

      • create a page e.g. /content/foo
      • enable Authentication requirement for this page
      • request this page

      => you get 302, redirected to login page, correct

      • request /content/fooLubber

      => expected is 404, but you get as well 302 redirected to login page.

      • request /content/PrefixLubberfoo
        => you get 404 as expected

      Looks like the path check uses a .startsWith() resulting in incorrect pages with same name start but different suffices.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. SLING-6053 SlingAuthenticator identifies wrong sibling node with AuthenticationInfo

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Activity

            People

              asanso Antonio Sanso
              asanso Antonio Sanso
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: