subject:"Prevent Default Sling Post servlet from ever processing certain requests"

Re: Prevent Default Sling Post servlet from ever processing certain requests

2020-06-18 Thread Ruben Reusser

on the same line: is it possible to restrict what jcr:primaryType and
what sling:resourceType is allowed to be created by the post servlet or
even more in general?

On 6/18/2020 6:38 AM, Konrad Windszus wrote:

That already comes close, but I was more thinking about a dedicated operation
which indicates, that a required specialized servlet is missing. That could by
default return a status 500 with a reasonable error message (so only one
parameter necessary).
I created https://issues.apache.org/jira/browse/SLING-9531
to track that.
Thanks for your input,
Konrad

On 18. Jun 2020, at 15:30, Karl Pauls wrote:

https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#slingpostservlet-operations-1

obviously, that only helps if you have the client under your control.

regards,

Karl

On Thursday, June 18, 2020, Karl Pauls wrote:

I guess you could add a nop operation.

regards,

Karl

On Thursday, June 18, 2020, Bertrand Delacretaz
wrote:

On Thu, Jun 18, 2020 at 2:46 PM Konrad Windszus
wrote:

...Is there a simple way (like a certain parameter or request path

format) which prevents the

Sling POST servlet from responding?...

Not that I know, but my memory is bad for such things.

If not, do you think that this would be a useful addition?

I think so - maybe something like the PathBasedAcceptor [1] created
for SLING-8110 could help set stricter requirements for that default
servlet to execute.

-Bertrand

[1] https://github.com/apache/sling-org-apache-sling-servlets-
resolver/blob/master/src/main/java/org/apache/sling/
servlets/resolver/internal/PathBasedServletAcceptor.java

--
Karl Pauls
karlpa...@gmail.com

Re: Prevent Default Sling Post servlet from ever processing certain requests

2020-06-18 Thread Konrad Windszus

That already comes close, but I was more thinking about a dedicated operation 
which indicates, that a required specialized servlet is missing. That could by 
default return a status 500 with a reasonable error message (so only one 
parameter necessary).
I created https://issues.apache.org/jira/browse/SLING-9531 
 to track that.
Thanks for your input,
Konrad

> On 18. Jun 2020, at 15:30, Karl Pauls  wrote:
> 
> https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#slingpostservlet-operations-1
> 
> obviously, that only helps if you have the client under your control.
> 
> regards,
> 
> Karl
> 
> On Thursday, June 18, 2020, Karl Pauls  wrote:
> 
>> I guess you could add a nop operation.
>> 
>> regards,
>> 
>> Karl
>> 
>> On Thursday, June 18, 2020, Bertrand Delacretaz 
>> wrote:
>> 
>>> On Thu, Jun 18, 2020 at 2:46 PM Konrad Windszus
>>>  wrote:
 ...Is there a simple way (like a certain parameter or request path
>>> format) which prevents the
 Sling POST servlet from responding?...
>>> 
>>> Not that I know, but my memory is bad for such things.
>>> 
 If not, do you think that this would be a useful addition?
>>> 
>>> I think so - maybe something like the PathBasedAcceptor [1] created
>>> for SLING-8110 could help set stricter requirements for that default
>>> servlet to execute.
>>> 
>>> -Bertrand
>>> 
>>> [1] https://github.com/apache/sling-org-apache-sling-servlets-
>>> resolver/blob/master/src/main/java/org/apache/sling/
>>> servlets/resolver/internal/PathBasedServletAcceptor.java
>>> 
>> 
>> 
>> --
>> Karl Pauls
>> karlpa...@gmail.com
>> 
>> 
> 
> -- 
> Karl Pauls
> karlpa...@gmail.com

Re: Prevent Default Sling Post servlet from ever processing certain requests

2020-06-18 Thread Karl Pauls

https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#slingpostservlet-operations-1

obviously, that only helps if you have the client under your control.

regards,

Karl

On Thursday, June 18, 2020, Karl Pauls  wrote:

> I guess you could add a nop operation.
>
> regards,
>
> Karl
>
> On Thursday, June 18, 2020, Bertrand Delacretaz 
> wrote:
>
>> On Thu, Jun 18, 2020 at 2:46 PM Konrad Windszus
>>  wrote:
>> > ...Is there a simple way (like a certain parameter or request path
>> format) which prevents the
>> > Sling POST servlet from responding?...
>>
>> Not that I know, but my memory is bad for such things.
>>
>> > If not, do you think that this would be a useful addition?
>>
>> I think so - maybe something like the PathBasedAcceptor [1] created
>> for SLING-8110 could help set stricter requirements for that default
>> servlet to execute.
>>
>> -Bertrand
>>
>> [1] https://github.com/apache/sling-org-apache-sling-servlets-
>> resolver/blob/master/src/main/java/org/apache/sling/
>> servlets/resolver/internal/PathBasedServletAcceptor.java
>>
>
>
> --
> Karl Pauls
> karlpa...@gmail.com
>
>

-- 
Karl Pauls
karlpa...@gmail.com

Re: Prevent Default Sling Post servlet from ever processing certain requests

2020-06-18 Thread Konrad Windszus

I figured out that giving a parameter ":operation" with any invalid value 
should do the job 
(https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#slingpostservlet-operations).
 That will lead to a 500 status no modification in the repo.
The error message is not very verbose though, but good enough for my purpose.
Alternatively one can use "nop" as value for ":operation" together with 
parameter ":nopstatus" set to 500.

> On 18. Jun 2020, at 15:27, Bertrand Delacretaz  wrote:
> 
> On Thu, Jun 18, 2020 at 2:46 PM Konrad Windszus
>  wrote:
>> ...Is there a simple way (like a certain parameter or request path format) 
>> which prevents the
>> Sling POST servlet from responding?...
> 
> Not that I know, but my memory is bad for such things.
> 
>> If not, do you think that this would be a useful addition?
> 
> I think so - maybe something like the PathBasedAcceptor [1] created
> for SLING-8110 could help set stricter requirements for that default
> servlet to execute.
> 
> -Bertrand
> 
> [1] 
> https://github.com/apache/sling-org-apache-sling-servlets-resolver/blob/master/src/main/java/org/apache/sling/servlets/resolver/internal/PathBasedServletAcceptor.java

Re: Prevent Default Sling Post servlet from ever processing certain requests

2020-06-18 Thread Karl Pauls

I guess you could add a nop operation.

regards,

Karl

On Thursday, June 18, 2020, Bertrand Delacretaz 
wrote:

> On Thu, Jun 18, 2020 at 2:46 PM Konrad Windszus
>  wrote:
> > ...Is there a simple way (like a certain parameter or request path
> format) which prevents the
> > Sling POST servlet from responding?...
>
> Not that I know, but my memory is bad for such things.
>
> > If not, do you think that this would be a useful addition?
>
> I think so - maybe something like the PathBasedAcceptor [1] created
> for SLING-8110 could help set stricter requirements for that default
> servlet to execute.
>
> -Bertrand
>
> [1] https://github.com/apache/sling-org-apache-sling-
> servlets-resolver/blob/master/src/main/java/org/apache/
> sling/servlets/resolver/internal/PathBasedServletAcceptor.java
>


-- 
Karl Pauls
karlpa...@gmail.com

Re: Prevent Default Sling Post servlet from ever processing certain requests

2020-06-18 Thread Bertrand Delacretaz

On Thu, Jun 18, 2020 at 2:46 PM Konrad Windszus
 wrote:
> ...Is there a simple way (like a certain parameter or request path format) 
> which prevents the
> Sling POST servlet from responding?...

Not that I know, but my memory is bad for such things.

> If not, do you think that this would be a useful addition?

I think so - maybe something like the PathBasedAcceptor [1] created
for SLING-8110 could help set stricter requirements for that default
servlet to execute.

-Bertrand

[1] 
https://github.com/apache/sling-org-apache-sling-servlets-resolver/blob/master/src/main/java/org/apache/sling/servlets/resolver/internal/PathBasedServletAcceptor.java

Prevent Default Sling Post servlet from ever processing certain requests

2020-06-18 Thread Konrad Windszus

Hi,
it is quite common that applications register custom POST servlet (via OSGi DS) 
to a certain resource type.
If that custom POST servlet component for whatever reason is not running the 
default Sling POST servlet will kick in. That is never intended and will in the 
worst case add content to the repository.

Is there a simple way (like a certain parameter or request path format) which 
prevents the Sling POST servlet from responding?
If not, do you think that this would be a useful addition?

Thanks,
Konrad

Re: Prevent Default Sling Post servlet from ever processing certain requests

Re: Prevent Default Sling Post servlet from ever processing certain requests

Re: Prevent Default Sling Post servlet from ever processing certain requests

Re: Prevent Default Sling Post servlet from ever processing certain requests

Re: Prevent Default Sling Post servlet from ever processing certain requests

Re: Prevent Default Sling Post servlet from ever processing certain requests

Prevent Default Sling Post servlet from ever processing certain requests

7 matches

Site Navigation

Mail list logo

Footer information