[
https://issues.apache.org/jira/browse/SLING-2592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13580969#comment-13580969
]
Ian Boston commented on SLING-2592:
-----------------------------------
The patch looks good; however, I can't see how it addresses the reported issue.
It does ensure that if the requested hostname is in the cache for both the
request scheme (e.g. https) and the default scheme "", then both sets of
PathBasedHolders are made available to the caller. Previously the specific for
the scheme was overwritten by the default for the scheme (hence why the patch
makes sense).
Perhaps the description of the report is wrong.
I am not keen on applying the patch until I know why it fixes the problem in
the description.
I also notice that there is some out of band typing in this area.
org.apache.sling.auth.core.impl.PathBasedHolderCache.findApplicableHolder(HttpServletRequest)
returns a List<Type extends PathBasedHolder> and when called it's cast to
List<AbstractAuthenticationHandlerHolder>, which although correct at the moment
may not remain correct. It could result in a ClassCastException if there is
anything else implementing a PathBasedHolder. (not certain how important that
is).
> Anonymous/nonanonymous access grant is not effective for mapped paths.
> ----------------------------------------------------------------------
>
> Key: SLING-2592
> URL: https://issues.apache.org/jira/browse/SLING-2592
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.0.6
> Reporter: Dominik Smogór
> Attachments: authcore-SLING-2592.patch
>
>
> I'm using Sling with CQ 5.4 with a custom authentication handler and custom
> auth info provider (one that sets "sling.auth.requirements" property). The
> handler expects requestCredentials to be called for some paths. When any of
> them is mapped (requestResolver.map returns full http URL) the
> SlingAuthenticator fails to recognize the path as non-anonymous and the request
> processing ends with 404 error instead of login page redirect.
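
The lookup behaviour described in the comment above, as an added example that is not code from the Sling project or from the attached patch. All class, method and host names are hypothetical, the registered holders are constructed, and it assumes Java 16+ and that the longest matching path prefix decides the requirement.

```java
import java.util.*;

// Added illustration with hypothetical names; not Sling's PathBasedHolderCache.
public class HolderLookupDemo {
    // Constructed stand-in for a PathBasedHolder carrying an auth requirement.
    record Holder(String path, boolean requiresAuth) {}

    // scheme -> host -> holders; "" is the default-scheme bucket.
    static final Map<String, Map<String, List<Holder>>> CACHE = new HashMap<>();

    static void register(String scheme, String host, Holder h) {
        CACHE.computeIfAbsent(scheme, s -> new HashMap<>())
             .computeIfAbsent(host, k -> new ArrayList<>()).add(h);
    }

    static List<Holder> get(String scheme, String host) {
        return CACHE.getOrDefault(scheme, Map.of()).getOrDefault(host, List.of());
    }

    // Pre-patch behaviour as the comment describes it: default replaces specific.
    static List<Holder> lookupOverwriting(String scheme, String host) {
        List<Holder> byDefault = get("", host);
        return byDefault.isEmpty() ? get(scheme, host) : byDefault;
    }

    // Patched behaviour as the comment describes it: both sets reach the caller.
    static List<Holder> lookupMerging(String scheme, String host) {
        List<Holder> merged = new ArrayList<>(get(scheme, host));
        merged.addAll(get("", host));
        return merged;
    }

    // Assumption: longest matching path prefix decides; no match means anonymous.
    static boolean authRequired(List<Holder> holders, String path) {
        return holders.stream()
                .filter(h -> path.startsWith(h.path()))
                .max(Comparator.comparingInt(h -> h.path().length()))
                .map(Holder::requiresAuth).orElse(false);
    }

    public static void main(String[] args) {
        register("https", "example.org", new Holder("/secure", true)); // constructed
        register("", "example.org", new Holder("/", false));           // constructed
        String path = "/secure/page";
        System.out.println("overwriting: auth required = "
                + authRequired(lookupOverwriting("https", "example.org"), path));
        System.out.println("merging:     auth required = "
                + authRequired(lookupMerging("https", "example.org"), path));
    }
}
```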