Hi,

Another option would be to have a special ResourceProvider which returns SyntheticResources in case of any access below /bin which is not backed by a registered servlet. Such a SyntheticResource would not allow the POST Servlet to write anything back to anywhere!

Regards
Felix

On 29.11.2011 at 16:55, Carsten Ziegeler (Commented) (JIRA) wrote:

>
> [ https://issues.apache.org/jira/browse/SLING-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13159324#comment-13159324 ]
>
> Carsten Ziegeler commented on SLING-2136:
> -----------------------------------------
>
> I think the right way is to use ACLs. Adding a new configuration option which
> basically is an ACL in a servlet is not the right approach.
>
> Another workaround is to add a servlet filter
>
>> Sling POST Servlet: Configuration of Allowed Paths
>> --------------------------------------------------
>>
>> Key: SLING-2136
>> URL: https://issues.apache.org/jira/browse/SLING-2136
>> Project: Sling
>> Issue Type: Improvement
>> Components: Servlets
>> Affects Versions: Servlets Post 2.1.2
>> Reporter: Andrew Khoury
>> Attachments: post_servlet_filter-1205238.patch
>>
>>
>> It would be nice if you could configure rules or regular expressions for
>> paths the sling post servlet is allowed to work under. This would be good
>> for both security reasons and for protecting against conflicts with other
>> servlets.
>> For example:
>> Let's say you have a servlet ReplicationServlet registered to receive POST
>> requests under path /bin/replicate.
>> However, during startup, before the ReplicationServlet component has been
>> enabled, a user tries to do a POST to /bin/replicate. In this case, instead
>> of executing the ReplicationServlet, the POST servlet is executed and it
>> creates a node under /bin/replicate. Now, as long as the node
>> /bin/replicate exists... the ReplicationServlet will not be executed for
>> requests to /bin/replicate. This presents a problem and explains the
>> necessity for this feature.
>
> --
> This message is automatically generated by JIRA.
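
The servlet-filter workaround mentioned in the quoted comment, written out as an added example; it is not part of this thread and is not the attached patch. It refuses POSTs below `/bin` while no servlet (or other resource) backs the target, so the default POST servlet cannot create the shadowing node during startup. The class name, package, the fixed `/bin` root, the 503 status, and registration through Felix SCR annotations with `sling.filter.scope=request` are assumptions.

```java
package example.sling; // hypothetical package name

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceUtil;

@Component
@Service(Filter.class)
@Property(name = "sling.filter.scope", value = "request") // assumed registration style
public class ReservedPathPostFilter implements Filter {

    // Assumption: every path-registered servlet lives below this root.
    private static final String RESERVED_ROOT = "/bin";

    static boolean isReserved(String path) {
        return path != null
            && (path.equals(RESERVED_ROOT) || path.startsWith(RESERVED_ROOT + "/"));
    }

    public void init(FilterConfig config) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof SlingHttpServletRequest) {
            SlingHttpServletRequest slingReq = (SlingHttpServletRequest) req;
            Resource target = slingReq.getResource();
            // Nothing resolved at a reserved path: the servlet is not (yet) registered.
            // Reject instead of letting the default POST servlet create a node there.
            if ("POST".equals(slingReq.getMethod()) && isReserved(target.getPath())
                    && ResourceUtil.isNonExistingResource(target)) {
                ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_SERVICE_UNAVAILABLE, "No servlet registered at this path");
                return;
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

The filter only prevents the node from being created; a node that already exists at a servlet path still has to be removed by hand, and ACLs on `/bin` remain the control recommended in the quoted comment.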
