[ https://issues.apache.org/jira/browse/SLING-6053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16004357#comment-16004357 ]
Konrad Windszus commented on SLING-6053: ---------------------------------------- [~asanso] IIUC then https://github.com/apache/sling/commit/e78b6b0c6f3ca85d4c21440b45dca6fe02345942#diff-b4de7814d0639d73de908946d425e8f1R246 only tests where both {{/resource1}} and {{/resource1.test}} have an AuthenticationInfo bound. But my use case is different. I only have set an AuthenticationInfo to {{/resource1}} and none set on {{/resource1.test}}. Still I assume that with your fix {{//resource1.test}} would be covered by the AuthenticationInfo set for {{/resource1}}. Isn't that right? > SlingAuthenticator identifies wrong sibling node with AuthenticationInfo > ------------------------------------------------------------------------ > > Key: SLING-6053 > URL: https://issues.apache.org/jira/browse/SLING-6053 > Project: Sling > Issue Type: Bug > Components: Authentication > Affects Versions: Auth Core 1.3.18 > Reporter: Miklos Csere > Assignee: Antonio Sanso > Priority: Blocker > Fix For: Auth Core 1.3.26 > > Attachments: SLING-6053-patch.txt > > > Issue can be reproduced with the following steps: > Create node "/page" > Create sibling node "/page1" > Define a protection handler for node: "/page" > Expected: > "/page" has AuthenticationInfo > "/page1" does not have AuthenticationInfo (has anonymous) > > Actual: "/page" & "page1" are both having AuthenticationInfo > > Reason: SlingAuthenticator.java line 726: if (path.startsWith(holder.path)) > Warning: The same check is used in 4 more places in code with similar > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)