Am Freitag, 2. August 2013 schrieb Oliver Lietz: > Am Freitag, 2. August 2013 schrieb Felix Meschberger: > > Hi
hello all, > hello Felix, > > > I would assume the Sling Authentication Service has HTTP Basic > > Authentication enabled with preemptive support. This means a 401 response > > is never sent. Reconfiguring the Authentication Service to fully enable > > HTTP Basic Authentication should do the trick. > > it's already configured with full support. Any other idea? I tracked it down to pathInfo always being null in SlingAuthenticator. Instead of getPathInfo() getServletPath() should be used in all places. See SLING-2998. Regards, O. > Regards, > O. > > > Hope this helps. > > > > Regards > > Felix > > > > Am 02.08.2013 um 13:38 schrieb Oliver Lietz: > > > hello all, > > > > > > I'm porting an application from Vaadin to Sling using HTML and a custom > > > Sling Servlet (service with property sling.servlet.paths). > > > This works fine, but securing this application with HTTP Basic > > > Authentication Handler does not work. > > > > > > - Allow Anonymous Access is enabled (in Apache Sling Authentication > > > Service configuration) > > > > > > - Authentication Requirements is empty (in Apache Sling Authentication > > > Service configuration) > > > > > > - HTTP Basic Authentication Handler is the only handler and registered > > > for path / > > > > > > - the custom servlet sets sling.auth.requirements to > > > {"+/services/myservlet", "+/content/myapp"} (myapp contains the HTML in > > > JCR, no ACLs changed) > > > > > > - Authenticator (slingauth) shows Authentication Required Yes for > > > /services/myservlet and /content/myapp and No for / (and also No for > > > /system/sling/logout, /system/sling/login, /server) > > > > > > I expect the browser to ask for username and password when accessing > > > /content/myapp and /services/myservlet, but that does not happen. > > > What is missing? Is this intended behavior or a bug (same behavior on > > > current Sling and CQ 5.5)? > > > > > > thanks, > > > O.