[
https://issues.apache.org/jira/browse/SLING-3333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13879975#comment-13879975
]
Carsten Ziegeler commented on SLING-3333:
-----------------------------------------
This is not true; we have the ResourceAccessSecurity for this.
> Avoid mounting Sling servlets on paths, prefer resource types
> -------------------------------------------------------------
>
> Key: SLING-3333
> URL: https://issues.apache.org/jira/browse/SLING-3333
> Project: Sling
> Issue Type: Improvement
> Components: Best practices
> Reporter: Bertrand Delacretaz
>
> As mentioned at
> http://sling.apache.org/documentation/the-sling-engine/servlets.html,
> mounting a servlet on a resource type can be done for most servlets that are
> mounted on paths using the sling.servlet.paths service property, and in most
> cases mounting on a resource type is preferable.
> Mounting a Sling servlet on a path does not allow one to set up fine-grained
> access control. There's no way to prevent some users from accessing the
> servlet if any users have access to it.
> The way to avoid this is to mount the servlet on a specific Sling resource
> type, and create resources that point to it by their sling:resourceType
> property. You can then set access control on those nodes as required.
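The resource-type mounting described in the issue text above, as an added example that is not part of the original message or the Sling code base. The package, class name, resource type `example/components/report` and content path `/content/reports/q1` are hypothetical; the registration uses OSGi Declarative Services annotations.

```java
package com.example.sling; // hypothetical package

import java.io.IOException;

import javax.servlet.Servlet;

import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;

/*
 * Path-mounted registration, the pattern the issue advises against:
 *
 *   property = { "sling.servlet.paths=/bin/example/report" }
 *
 * Resource-type registration, used below. The servlet is only selected
 * when the request resolves to a resource whose sling:resourceType is
 * "example/components/report". Such a resource could be created from
 * this constructed content (JSON notation):
 *
 *   /content/reports/q1
 *   { "jcr:primaryType": "nt:unstructured",
 *     "sling:resourceType": "example/components/report" }
 *
 * A session that cannot read /content/reports/q1 gets no resource of
 * that type from resolution, so this servlet is not selected for the
 * request. Access control is set on the node, not in the servlet.
 */
@Component(
    service = Servlet.class,
    property = {
        "sling.servlet.resourceTypes=example/components/report",
        "sling.servlet.methods=GET",
        "sling.servlet.extensions=txt"
    })
public class ReportServlet extends SlingSafeMethodsServlet {

    @Override
    protected void doGet(SlingHttpServletRequest request,
                         SlingHttpServletResponse response) throws IOException {
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        // The path comes from the resolved resource, i.e. a node the
        // requesting session was allowed to read.
        response.getWriter().write("report for " + request.getResource().getPath());
    }
}
```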