[
https://issues.apache.org/jira/browse/SLING-3482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13961637#comment-13961637
]
Nan Fan commented on SLING-3482:
--------------------------------
Thanks for your quick response!
I've created an issue at https://issues.apache.org/jira/browse/SLING-3496
> Synthetic resources should lead to a 404
> ----------------------------------------
>
> Key: SLING-3482
> URL: https://issues.apache.org/jira/browse/SLING-3482
> Project: Sling
> Issue Type: Bug
> Components: ResourceResolver
> Affects Versions: Resource Resolver 1.0.6
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: Resource Resolver 1.1.0
>
>
> If e.g. /libs is requested by a user who does not have access to /libs, a
> synthetic resource for libs is returned which is then rendered.
> This is due to the special handling for servlet resources which are mounted
> at /libs/....
> I think the code in ResourceProviderEntry#getInternalResource is too generic:
> if (entries.size() > 0 && entries.size() == elements.length) {
> if (entries.get(entries.size() -
> 1).getResourceProviders().length == 0) {
> logger.debug("Resolved Synthetic {}", fullPath);
> return new SyntheticResource(resourceResolver, fullPath,
> ResourceProvider.RESOURCE_TYPE_SYNTHETIC);
> }
> }
> However, fixing this might break other parts like the servlet resolver
> relying on it
--
This message was sent by Atlassian JIRA
(v6.2#6252)
