Bertrand Delacretaz created SLING-3333: ------------------------------------------
Summary: Avoid mounting Sling servlets on paths, prefer resource types Key: SLING-3333 URL: https://issues.apache.org/jira/browse/SLING-3333 Project: Sling Issue Type: Improvement Components: Best practices Reporter: Bertrand Delacretaz As mentioned at http://sling.apache.org/documentation/the-sling-engine/servlets.html, mounting a servlet on a resource type can be done for most servlets that are mounted on paths using the sling.servlet.paths service property, and in most cases mounting on a resource type is preferable. Mounting a Sling servlet on a path does not allow one to setup fine-grained access control. There's no way to prevent some users from accessing the servlet if any users have access to it. The way to avoid this is to mount the servlet on a specific Sling resource type, and create resources that point to it by their sling:resourceType property. You can then set access control on those nodes as required. -- This message was sent by Atlassian JIRA (v6.1.5#6160)