Am Freitag, 2. August 2013 schrieb Oliver Lietz:
> Am Freitag, 2. August 2013 schrieb Felix Meschberger:
> > Hi
hello all,
> hello Felix,
>
> > I would assume the Sling Authentication Service has HTTP Basic
> > Authentication enabled with preemptive support. This means a 401 response
> > is never sent. Reconfiguring the Authentication Service to fully enable
> > HTTP Basic Authentication should do the trick.
>
> it's already configured with full support. Any other idea?
I tracked it down to pathInfo always being null in SlingAuthenticator. Instead
of getPathInfo() getServletPath() should be used in all places. See
SLING-2998.
Regards,
O.
> Regards,
> O.
>
> > Hope this helps.
> >
> > Regards
> > Felix
> >
> > Am 02.08.2013 um 13:38 schrieb Oliver Lietz:
> > > hello all,
> > >
> > > I'm porting an application from Vaadin to Sling using HTML and a custom
> > > Sling Servlet (service with property sling.servlet.paths).
> > > This works fine, but securing this application with HTTP Basic
> > > Authentication Handler does not work.
> > >
> > > - Allow Anonymous Access is enabled (in Apache Sling Authentication
> > > Service configuration)
> > >
> > > - Authentication Requirements is empty (in Apache Sling Authentication
> > > Service configuration)
> > >
> > > - HTTP Basic Authentication Handler is the only handler and registered
> > > for path /
> > >
> > > - the custom servlet sets sling.auth.requirements to
> > > {"+/services/myservlet", "+/content/myapp"} (myapp contains the HTML in
> > > JCR, no ACLs changed)
> > >
> > > - Authenticator (slingauth) shows Authentication Required Yes for
> > > /services/myservlet and /content/myapp and No for / (and also No for
> > > /system/sling/logout, /system/sling/login, /server)
> > >
> > > I expect the browser to ask for username and password when accessing
> > > /content/myapp and /services/myservlet, but that does not happen.
> > > What is missing? Is this intended behavior or a bug (same behavior on
> > > current Sling and CQ 5.5)?
> > >
> > > thanks,
> > > O.
