[ https://issues.apache.org/jira/browse/SLING-3333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13880090#comment-13880090 ]
Carsten Ziegeler commented on SLING-3333: ----------------------------------------- Oh sure, I totally agree that resource types are preferrable > Avoid mounting Sling servlets on paths, prefer resource types > ------------------------------------------------------------- > > Key: SLING-3333 > URL: https://issues.apache.org/jira/browse/SLING-3333 > Project: Sling > Issue Type: Improvement > Components: Best practices > Reporter: Bertrand Delacretaz > > As mentioned at > http://sling.apache.org/documentation/the-sling-engine/servlets.html, > mounting a servlet on a resource type can be done for most servlets that are > mounted on paths using the sling.servlet.paths service property, and in most > cases mounting on a resource type is preferable. > Mounting a Sling servlet on a path does not allow one to setup fine-grained > access control. There's no way to prevent some users from accessing the > servlet if any users have access to it. > The way to avoid this is to mount the servlet on a specific Sling resource > type, and create resources that point to it by their sling:resourceType > property. You can then set access control on those nodes as required. -- This message was sent by Atlassian JIRA (v6.1.5#6160)