[ https://issues.apache.org/jira/browse/SLING-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13159324#comment-13159324 ]

Carsten Ziegeler commented on SLING-2136:
-----------------------------------------

I think the right way is to use ACLs. Adding a new configuration option which 
basically is an ACL in a servlet is not the right approach. 

Another workaround is to add a servlet filter.

> Sling POST Servlet: Configuration of Allowed Paths
> --------------------------------------------------
>
>                 Key: SLING-2136
>                 URL: https://issues.apache.org/jira/browse/SLING-2136
>             Project: Sling
>          Issue Type: Improvement
>          Components: Servlets
>    Affects Versions: Servlets Post 2.1.2
>            Reporter: Andrew Khoury
>         Attachments: post_servlet_filter-1205238.patch
>
>
> It would be nice if you could configure rules or regular expressions for 
> paths the sling post servlet is allowed to work under.  This would be good 
> for both security reasons and for protecting against conflicts with other 
> servlets.
> For example:
> Let's say you have a servlet ReplicationServlet registered to receive POST 
> requests under path /bin/replicate.
> However, during startup, before the ReplicationServlet component has been 
> enabled, a user tries to do a POST to /bin/replicate.  In this case, instead 
> of executing the ReplicationServlet, the POST servlet is executed and it 
> creates a node under /bin/replicate.  Now, as long as the node /bin/replicate 
> exists... the ReplicationServlet will not be executed for requests to 
> /bin/replicate.  This presents a problem and explains the necessity for this 
> feature.

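
One way the servlet filter workaround mentioned in the comment could look, as an added example (not code from the issue, its attached patch, or the Sling project). It assumes a current Sling with OSGi DS annotations; the class name, the `/bin/` prefix list, the ranking value and the 503 status are hypothetical choices.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceUtil;
import org.osgi.service.component.annotations.Component;

/** Hypothetical filter: rejects POSTs that would create a node under a servlet-reserved path. */
@Component(service = Filter.class,
        property = { "sling.filter.scope=REQUEST", "service.ranking:Integer=1000" })
public class ReservedPathPostFilter implements Filter {

    // Assumption: path prefixes reserved for path-registered servlets.
    private static final String[] RESERVED_PREFIXES = { "/bin/" };

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof SlingHttpServletRequest) {
            SlingHttpServletRequest request = (SlingHttpServletRequest) req;
            Resource resource = request.getResource();
            // No servlet and no node at this path yet: the request would fall
            // through to the default POST servlet, so stop it here.
            if ("POST".equals(request.getMethod()) && isReserved(resource.getPath())
                    && ResourceUtil.isNonExistingResource(resource)) {
                ((HttpServletResponse) res).sendError(
                        HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Servlet not available");
                return;
            }
        }
        chain.doFilter(req, res);
    }

    static boolean isReserved(String path) {
        for (String prefix : RESERVED_PREFIXES) {
            if (path.startsWith(prefix)) return true;
        }
        return false;
    }
    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

The filter only prevents the node from being created during the startup window; a `/bin/replicate` node that already exists still has to be removed before the servlet is reached again.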