[SLING-3333] Avoid mounting Sling servlets on paths, prefer resource types - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: Best practices
Labels:
None

Description

As mentioned at http://sling.apache.org/documentation/the-sling-engine/servlets.html, mounting a servlet on a resource type can be done for most servlets that are mounted on paths using the sling.servlet.paths service property, and in most cases mounting on a resource type is preferable.

Mounting a Sling servlet on a path does not allow one to setup fine-grained access control. There's no way to prevent some users from accessing the servlet if any users have access to it.

The way to avoid this is to mount the servlet on a specific Sling resource type, and create resources that point to it by their sling:resourceType property. You can then set access control on those nodes as required.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Bertrand Delacretaz

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Jan/14 14:15

Updated:: 04/May/23 09:24

Resolved:: 04/May/23 09:24