Carsten Ziegeler created SLING-12074: ----------------------------------------
Summary: ScriptingVariablesConsolePlugin might use wrong security provider Key: SLING-12074 URL: https://issues.apache.org/jira/browse/SLING-12074 Project: Sling Issue Type: Bug Components: Scripting Affects Versions: Scripting Core 2.4.8 Reporter: Carsten Ziegeler Assignee: Carsten Ziegeler Fix For: Scripting Core 2.4.10 In order to show the variable bindings, the webconsole plugin introduced with SLING-3543 uses a "trick" and actually invokes Sling via a servlet to get the requested information. The check in the servlet is only checking if there is a WebConsoleSecurityProvider2 registered - it is not checking whether it is the correct one, nor whether that is actually using Sling authentication. With new features added to the Sling API we can completely remove that default servlet and let the plugin directly call into Sling. This gives a "correct" check, removes the unneeded default servlet and reduces the dependency on the web console. -- This message was sent by Atlassian Jira (v8.20.10#820010)