[ https://issues.apache.org/jira/browse/SLING-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13156593#comment-13156593 ]
Carsten Ziegeler commented on SLING-2136:
-----------------------------------------
Yes, I agree with Felix - requiring the :operation parameter solves the path
problem but also solves the problem if you have a special post servlet for a
resource type and for whatever reason this servlet is not available. It's not
maintainable nor possible to configure all combinations of paths and resource
types (either white or black lists) for the post servlet to get the same
result. Having the default post servlet act only when the :operation parameter
is submitted is a clean and elegant way to solve all these problems.
> Sling POST Servlet: Configuration of Allowed Paths
> --------------------------------------------------
>
> Key: SLING-2136
> URL: https://issues.apache.org/jira/browse/SLING-2136
> Project: Sling
> Issue Type: Improvement
> Components: Servlets
> Affects Versions: Servlets Post 2.1.2
> Reporter: Andrew Khoury
> Attachments: post_servlet_filter-1205238.patch
>
>
> It would be nice if you could configure rules or regular expressions for
> paths the sling post servlet is allowed to work under. This would be good
> for both security reasons and for protecting against conflicts with other
> servlets.
> For example:
> Let's say you have a servlet ReplicationServlet registered to receive POST
> requests under path /bin/replicate.
> However, during startup, before the ReplicationServlet component has been
> enabled, a user tries to do a POST to /bin/replicate. In this case, instead
> of executing the ReplicationServlet, the POST servlet is executed and it
> creates a node under /bin/replicate. Now, as long as the node /bin/replicate
> exists... the ReplicationServlet will not be executed for requests to
> /bin/replicate. This presents a problem and explains the necessity for this
> feature.
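
Added example, not part of the JIRA message or of Sling's code: a toy Java model of the conflict in the issue description and of the :operation requirement proposed in the comment. The class, its method names, the handler labels and the form field are hypothetical, and resolution is reduced to the one rule the issue states, that an existing node at the path wins over the path-registered servlet.

```java
import java.util.*;

// Toy model of the SLING-2136 conflict. Hypothetical names; this is not Sling API.
public class PostServletShadowing {
    private final Set<String> nodes = new HashSet<>();        // repository content
    private final Set<String> pathServlets = new HashSet<>(); // servlets registered by path
    private final boolean requireOperation;                   // mitigation proposed in the comment

    PostServletShadowing(boolean requireOperation) {
        this.requireOperation = requireOperation;
    }

    void registerServlet(String path) {
        pathServlets.add(path);
    }

    // Returns a label naming what handled the POST.
    String post(String path, Map<String, String> params) {
        // Rule from the issue: once a node exists at the path, the servlet
        // registered for that path is no longer selected.
        if (!nodes.contains(path) && pathServlets.contains(path)) {
            return "servlet@" + path;
        }
        // Default POST handling. With the guard on, it acts only when the
        // client explicitly asked for it via :operation.
        if (requireOperation && !params.containsKey(":operation")) {
            return "rejected";
        }
        nodes.add(path); // default behaviour: create or modify content at the path
        return "default-post";
    }

    // One POST during startup (servlet not yet enabled), one after it is enabled.
    static List<String> scenario(boolean requireOperation) {
        PostServletShadowing sling = new PostServletShadowing(requireOperation);
        Map<String, String> form = Map.of("target", "publish"); // constructed sample form
        List<String> handledBy = new ArrayList<>();
        handledBy.add(sling.post("/bin/replicate", form));
        sling.registerServlet("/bin/replicate");
        handledBy.add(sling.post("/bin/replicate", form));
        return handledBy;
    }

    public static void main(String[] args) {
        System.out.println("without guard: " + scenario(false));
        System.out.println("with guard:    " + scenario(true));
    }
}
```

In this model a POST that does carry :operation still reaches the default handler, so the guard covers requests meant for the missing servlet rather than deliberate POST-servlet operations.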