On 04.11.11 22:03, "Justin Edelson" <jus...@justinedelson.com> wrote:
>On Fri, Nov 4, 2011 at 6:13 AM, Felix Meschberger <fmesc...@adobe.com>
>wrote:
>>So I am contemplating the following change to the
>>SlingAuthenticator.handleSecurity method: If the method would return
>>with true (indicating regular request processing) but the request is
>>POST to .../j_security_check, then the request should actually fail with
>>a 403.

+1

>But I'd suggest making this a configurable list of paths, defaulting
>to /j_security_check

+1

Alex

--
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel
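
A sketch of the check proposed in this thread, including the configurable path list, as an added example that is not part of the messages and not Sling's own code. The class `LoginPostGuard`, its method `statusFor` and the sample URIs are hypothetical; ignoring path parameters on the last segment is an assumption of this sketch.

```java
import java.util.List;

// Added illustration, not Sling code: decides whether a request that the
// authenticator is about to pass on for regular processing is really a
// login form POST that no authentication handler consumed.
public final class LoginPostGuard {

    // Default named in the thread; the list is the suggested configuration.
    static final List<String> DEFAULT_SUFFIXES = List.of("/j_security_check");

    private final List<String> suffixes;

    public LoginPostGuard(List<String> configured) {
        // A missing or empty configuration falls back to the default.
        this.suffixes = (configured == null || configured.isEmpty())
                ? DEFAULT_SUFFIXES : List.copyOf(configured);
    }

    // wouldProceed: the value handleSecurity is about to return.
    // Returns the status to send instead, or 0 to continue unchanged.
    public int statusFor(boolean wouldProceed, String method, String requestUri) {
        if (!wouldProceed || requestUri == null || !"POST".equals(method)) {
            return 0;
        }
        // Drop path parameters (";jsessionid=...") on the last segment only,
        // so a ';' in an earlier segment cannot hide the login suffix.
        int slash = Math.max(requestUri.lastIndexOf('/'), 0);
        int semi = requestUri.indexOf(';', slash);
        String path = semi >= 0 ? requestUri.substring(0, semi) : requestUri;
        for (String suffix : suffixes) {
            if (path.endsWith(suffix)) {
                return 403; // unhandled login POST must not reach normal processing
            }
        }
        return 0;
    }

    public static void main(String[] args) {
        LoginPostGuard guard = new LoginPostGuard(null);
        // Constructed sample requests.
        System.out.println(guard.statusFor(true, "POST", "/content/site/j_security_check"));
        System.out.println(guard.statusFor(true, "GET", "/content/site/j_security_check"));
        System.out.println(guard.statusFor(true, "POST", "/content/site/page.html"));
        System.out.println(guard.statusFor(true, "POST", "/a;x=1/j_security_check;jsessionid=abc"));
    }
}
```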