[ https://issues.apache.org/jira/browse/SLING-3482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13961637#comment-13961637 ]
Nan Fan commented on SLING-3482: -------------------------------- Thanks for your quick response! I've created an issue at https://issues.apache.org/jira/browse/SLING-3496 > Synthetic resources should lead to a 404 > ---------------------------------------- > > Key: SLING-3482 > URL: https://issues.apache.org/jira/browse/SLING-3482 > Project: Sling > Issue Type: Bug > Components: ResourceResolver > Affects Versions: Resource Resolver 1.0.6 > Reporter: Carsten Ziegeler > Assignee: Carsten Ziegeler > Fix For: Resource Resolver 1.1.0 > > > If e.g. /libs is requested by a user who does not have access to /libs, a > synthetic resource for libs is returned which is then rendered. > This is due to the special handling for servlet resources which are mounted > at /libs/.... > I think the code in ResourceProviderEntry#getInternalResource is too generic: > if (entries.size() > 0 && entries.size() == elements.length) { > if (entries.get(entries.size() - > 1).getResourceProviders().length == 0) { > logger.debug("Resolved Synthetic {}", fullPath); > return new SyntheticResource(resourceResolver, fullPath, > ResourceProvider.RESOURCE_TYPE_SYNTHETIC); > } > } > However, fixing this might break other parts like the servlet resolver > relying on it -- This message was sent by Atlassian JIRA (v6.2#6252)