Ben- You also might want to take a look at https://github.com/justinedelson/cq-urlfilter, which is virtually the same code, just adapted to work better in a CQ/AEM environment.
Regards, Justin On Tue, Jul 2, 2013 at 4:49 PM, Ben Zahler <[email protected]>wrote: > Justin, Felix, > Thanks for your responses and please excuse that my terminology makes it a > little too clear that I'm coming from CQ ;-). > > Justins's solution is actually very close to what I had in mind with the > "template based" solution. I will mull over this and create ticket also > referencing Justin's solution. > > Ben > > > > > > Am 01.07.13 11:48 schrieb "Justin Edelson" unter > <[email protected]>: > > >Ben- > >Have you looked at the filter at > >http://svn.apache.org/repos/asf/sling/trunk/samples/urlfilter ? It sounds > >like your solution is roughly inline with this implementation. > > > >Justin > > > > > >On Mon, Jul 1, 2013 at 2:30 AM, Ben Zahler > ><[email protected]>wrote: > > > >> Hi all, > >> I have done some work on selectors and security in CQ lately, and in the > >> process I've had an idea how to handle some of the issues in Sling. > >> From my point of view, this could well be intergrated into Sling, but it > >> can also easily work as an addition, so I'd like to hear some feedback > >>from > >> you. > >> > >> The basic idea is to have the developer of a component/template define > >> the selectors allowed on the component. I've used a property > >> sling:allowedSelectors to do so. > >> In a servlet filter, we can then check for all the allowed selectors in > >> the application and verify if the request's selector are valid. > >> Of course, there are a quite a few open questions/points: > >> > >> - should the allowed selectors be cached? > >> - Servlets with sling.servlet.selectors property need to be included > >> as well > >> - Should the sling:allowedSelectors configuration be component or > >> template based? Component based means the definition is where the > >>selectors > >> are actually implemented, template based provides more accurate > >>means of > >> checking whether request selectors are valid. > >> - How can multisites be configured? > >> > >> Attached is a very basic implementation of the Servlet Filter. Be aware > >> that installing this into a CQ author instance will break some things as > >> the default CQ selectors are not supported. > >> > >> So basically, my question to you is if you think this is an interesting > >> feature or if you consider this rather unnecessary. ;-) > >> > >> Mit besten GrĂ¼ssen > >> Ben Zahler > >> > >> Inside Solutions AG | Felsenstrasse 11 | 4450 Sissach | Schweiz > >> Telefon: +41 61 551 00 40 | Direkt: +41 61 551 00 43 > >> http://www.inside-solutions.ch > >> > >
