[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16000354#comment-16000354 ]
Antonio Sanso commented on SLING-6053: -------------------------------------- [~kwin] I'd be inclined to apply this patch. Would you be fine with it ? > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > ------------------------------------------------------------------------ > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication > Affects Versions: Auth Core 1.3.18 > Reporter: Miklos Csere > Assignee: Antonio Sanso > Priority: Blocker > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)