Bertrand Delacretaz created SLING-3333:
------------------------------------------
Summary: Avoid mounting Sling servlets on paths, prefer resource
types
Key: SLING-3333
URL: https://issues.apache.org/jira/browse/SLING-3333
Project: Sling
Issue Type: Improvement
Components: Best practices
Reporter: Bertrand Delacretaz
As mentioned at
http://sling.apache.org/documentation/the-sling-engine/servlets.html, mounting
a servlet on a resource type can be done for most servlets that are mounted on
paths using the sling.servlet.paths service property, and in most cases
mounting on a resource type is preferable.
Mounting a Sling servlet on a path does not allow one to setup fine-grained
access control. There's no way to prevent some users from accessing the servlet
if any users have access to it.
The way to avoid this is to mount the servlet on a specific Sling resource
type, and create resources that point to it by their sling:resourceType
property. You can then set access control on those nodes as required.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
