I am developing a sling WCMS.
When I call address [e.g. 'http://localhost:8080/apps/bcms/pages/test.jsp'] of a page in the browser, a save dialog box will appear and ask to save jsp file.
How to prevent jsp pages accessible via direct addressing?
Asked
Active
Viewed 123 times
0
vvvvv
- 25,404
- 19
- 49
- 81
Babak Behzadi
- 1,236
- 2
- 16
- 33
1 Answers
0
Just remove the permissions for anonymous. The script resolution and execution runs with the script user.
cwoeltge
- 201
- 1
- 4
-
But I think these pages are accessible for other users, is it true? – Babak Behzadi Jan 07 '13 at 05:12
-
Just if you grant permissions. E.g. if you're working on CQ, there is no need for e.g. an editor to have read permissions to it. Just grant read permission to read dialog nodes would be enough for authoring. Same for anything else. The permission (ACL) gets matched against the actual request (and any internal request s.a. sling:include which should usually include a resource (with permission), not the script. – cwoeltge Jan 07 '13 at 23:31