Ben- Have you looked at the filter at http://svn.apache.org/repos/asf/sling/trunk/samples/urlfilter ? It sounds like your solution is roughly inline with this implementation.
Justin On Mon, Jul 1, 2013 at 2:30 AM, Ben Zahler <[email protected]>wrote: > Hi all, > I have done some work on selectors and security in CQ lately, and in the > process I've had an idea how to handle some of the issues in Sling. > From my point of view, this could well be intergrated into Sling, but it > can also easily work as an addition, so I'd like to hear some feedback from > you. > > The basic idea is to have the developer of a component/template define > the selectors allowed on the component. I've used a property > sling:allowedSelectors to do so. > In a servlet filter, we can then check for all the allowed selectors in > the application and verify if the request's selector are valid. > Of course, there are a quite a few open questions/points: > > - should the allowed selectors be cached? > - Servlets with sling.servlet.selectors property need to be included > as well > - Should the sling:allowedSelectors configuration be component or > template based? Component based means the definition is where the selectors > are actually implemented, template based provides more accurate means of > checking whether request selectors are valid. > - How can multisites be configured? > > Attached is a very basic implementation of the Servlet Filter. Be aware > that installing this into a CQ author instance will break some things as > the default CQ selectors are not supported. > > So basically, my question to you is if you think this is an interesting > feature or if you consider this rather unnecessary. ;-) > > Mit besten GrĂ¼ssen > Ben Zahler > > Inside Solutions AG | Felsenstrasse 11 | 4450 Sissach | Schweiz > Telefon: +41 61 551 00 40 | Direkt: +41 61 551 00 43 > http://www.inside-solutions.ch >
