Re: [ResourceAccessSecurity] Returns NonExistingResource if acess is denied
Ah ok thanks, wasn't really sure about that due to the alternative resolve signature with request but I should have read the classdescription which is pretty clear. So +1 from my side as well. Best regards Dominik Am 16.12.2013 21:38 schrieb "Alexander Klimetschek" : > On 16.12.2013, at 04:38, Dominik Süß wrote: > > > There is currently a gap between the behavior of .resolve() and > .getResource() > > where getResource would return null and .resolve() should return a > > NonExistingResource. I'm pretty sure there is a reason for that, but I > > couldn't find it. > > Oh, yes, there is a good reason for that: > > - resolve() is used for request processing, where it is necessary to > handle the non-existing case with the special sling:nonexisting resource > type and the original path info > - getResource() is the more "raw" access, similar to JCR Session.getNode() > (*) > > Applications would always use getResource() and handle the null check. > resolve() is mostly only for the sling engine, or if you have some more > complex internal forwarding etc. that requires to replicate Sling's > resolution behavior. > > (*) yes, getNode() throws an exception, but that's similar to returning > null compared to returning a special NonExistingResource object > > Cheers, > Alex > >
Re: [ResourceAccessSecurity] Returns NonExistingResource if acess is denied
Yepp, exactly - so a resource provider and that includes the resource access security implementation should never return a NonExistingResource - otherwise the getResource() contract of the ResourceResolver will be broken. So, I'll go ahead and change this Thanks Carsten 2013/12/17 Alexander Klimetschek > On 16.12.2013, at 04:38, Dominik Süß wrote: > > > There is currently a gap between the behavior of .resolve() and > .getResource() > > where getResource would return null and .resolve() should return a > > NonExistingResource. I'm pretty sure there is a reason for that, but I > > couldn't find it. > > Oh, yes, there is a good reason for that: > > - resolve() is used for request processing, where it is necessary to > handle the non-existing case with the special sling:nonexisting resource > type and the original path info > - getResource() is the more "raw" access, similar to JCR Session.getNode() > (*) > > Applications would always use getResource() and handle the null check. > resolve() is mostly only for the sling engine, or if you have some more > complex internal forwarding etc. that requires to replicate Sling's > resolution behavior. > > (*) yes, getNode() throws an exception, but that's similar to returning > null compared to returning a special NonExistingResource object > > Cheers, > Alex > > -- Carsten Ziegeler cziege...@apache.org
Re: [ResourceAccessSecurity] Returns NonExistingResource if acess is denied
On 16.12.2013, at 04:38, Dominik Süß wrote: > There is currently a gap between the behavior of .resolve() and .getResource() > where getResource would return null and .resolve() should return a > NonExistingResource. I'm pretty sure there is a reason for that, but I > couldn't find it. Oh, yes, there is a good reason for that: - resolve() is used for request processing, where it is necessary to handle the non-existing case with the special sling:nonexisting resource type and the original path info - getResource() is the more "raw" access, similar to JCR Session.getNode() (*) Applications would always use getResource() and handle the null check. resolve() is mostly only for the sling engine, or if you have some more complex internal forwarding etc. that requires to replicate Sling's resolution behavior. (*) yes, getNode() throws an exception, but that's similar to returning null compared to returning a special NonExistingResource object Cheers, Alex
Re: [ResourceAccessSecurity] Returns NonExistingResource if acess is denied
+0.5 I'm aware of this contract but just did check when the NonExistingResource would be valid to be used. Looking at [0] you could read this to be a correct behavior as well. There is currently a gap between the behavior of .resolve() and .getResource() where getResource would return null and .resolve() should return a NonExistingResource. I'm pretty sure there is a reason for that, but I couldn't find it. So could anyone enlighten me befor I can give full +1 from my side? :) Best regards Dominik [0] http://sling.apache.org/apidocs/sling5/org/apache/sling/api/resource/Resource.html#RESOURCE_TYPE_NON_EXISTING On Mon, Dec 16, 2013 at 11:54 AM, Felix Meschberger wrote: > Hi > > Are you talking about "ResourceAccessSecurityImpl.getReadableResource" ? > Yes, I agree, that returning NonExistingResource is indeed violating the > API spec which states null is to be returned if the resource is not > readable. > > Regards > Felix > > Am 16.12.2013 um 08:00 schrieb Carsten Ziegeler : > > > Hi, > > > > while looking at the ResourceAccessSecurity implementation I noticed that > > it returns a NonExistingResource if read access is denied. I think it > > simply should return null. > > > > Thoughts? > > > > Regards > > Carsten > > -- > > Carsten Ziegeler > > cziege...@apache.org > >
Re: [ResourceAccessSecurity] Returns NonExistingResource if acess is denied
Hi Are you talking about "ResourceAccessSecurityImpl.getReadableResource" ? Yes, I agree, that returning NonExistingResource is indeed violating the API spec which states null is to be returned if the resource is not readable. Regards Felix Am 16.12.2013 um 08:00 schrieb Carsten Ziegeler : > Hi, > > while looking at the ResourceAccessSecurity implementation I noticed that > it returns a NonExistingResource if read access is denied. I think it > simply should return null. > > Thoughts? > > Regards > Carsten > -- > Carsten Ziegeler > cziege...@apache.org