wow. just re-read my post. my apologies for the monster type-o's -- was trying to do 2 things at once when i wrote that :)
-- David Gonzalez Sent with Sparrow (http://www.sparrowmailapp.com/?sig) On Monday, November 19, 2012 at 8:17 AM, David G. wrote: > Felix, > > 1) The problem is controlling the message. Many folks, very > reasonably, want to control exactly how they serve their content (from > their "trusted" domain) so its taken in context. For example, in > Pharma, if i have a page resource, and the body paragraph and the > disclaimer content is maintained in separate nodes and/or properties, > i do not want there to be *ANY WAY* for to serve up the content > without the disclaimer (if someone links straight to the body > property, patients could see this content served from > www.im-a-pharma.com (http://www.im-a-pharma.com) and the Pharma company could > have *big* legal > issues. This is an extreme (legal) example, but its very reasonable > for folks to control how their messages are made available. Default > renditions make this di > > 2) A number of people have alluded to property level ACLs (lars did as > well in a thread I started ahwile back), however I have not been able > to locate the exact mechanism for this. The closest I can find is the > Jackrabbit ACL GlobPattern which, AFIAT, does node level restrictions, > not property-level. [1] Have I been misinterpretion the suggestions > and it Is really to move any "permissioned properties" into a subnode > (or some other node) and ACE that node? > > [1] > http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html > > Thanks! > > > On Mon, Nov 19, 2012 at 3:58 AM, Felix Meschberger <[email protected] > (mailto:[email protected])> wrote: > > Hi, > > > > A property also resolves to a Resource when accessed and the default get > > servlet sends it as a response. > > > > What's the problem here ? > > > > You might want to use access control to prevent this. > > > > Regards > > Felix > > > > Am 16.11.2012 um 22:06 schrieb David G.: > > > > > Is there a way to prevent making a GET for the full path to a property > > > to NOT return the property's value: > > > > > > HTTP GET /content/site/page/jcr:content/page-property ==> "this is > > > the page property value" > > > > > > I want it to return nothing -- i would be find being able to control > > > this on a per-resourcetype basis as well. > > > > > > I did not see this an a option on the Sling GET Servlet. Is it > > > configured someplace else perhaps? > > > > > > Thanks!
