Hi Ben,
I ran into a couple gotcha's related to sling authentication:
1. Logging in through /system/console != /system/sling/login
From what I understand, /system/console is the FELIX admin console
login, and won't grant you access to modify content. /system/sling/login
is the JACKRABBIT login page, which will grant you access on updating
content.
2. It is *not* cookie authentication
By habit, I clear my FF cache (everything but cookies) to reload
style-sheets and scripts while doing development. I was never used to
this also clearing my authentication.
I hope this helps you.
Best,
Branden
Ben Short wrote:
Hi,
I have created some content using the following commands:
curl -F"sling:resourceType=website" -F"title=Title" -F"slogan=Slogan"
http://admin:ad...@localhost:8888/content/website
Then I created html.esp in /apps/website a snip it of which is shown below...
<h1 id="logo-text"><a href="" title=""><%= currentNode.title %></a></h1>
<p id="slogan"><%= currentNode.slogan %></p>
When I browse to page http://localhost:8888/content/website.html I see
the page with the title and slogan pulled from the repository.
Now what Im trying to do is alter the slogan file using a
Ext.Ajax.Request as shown below...
Ext.Ajax.request({
url: '/content/website',
params: { slogan : text },
method: 'POST',
success: function ( result,
request ) {
Ext.MessageBox.alert('Success', 'Data return from the server:
'+ result.responseText);
Ext.get('slogan').dom.innerHTML=text;
},
failure: function ( result,
request) {
alert(result.responseText);
}
});
The 'text' param is a js variable.
When the browser tries to make this request it gets the following response...
<html>
<head>
<title>Error while processing /content/website</title>
</head>
<body>
<h1>Error while processing /content/website</h1>
<table>
<tbody>
<tr>
<td>Status</td>
<td><div id="Status">500</div></td>
</tr>
<tr>
<td>Message</td>
<td><div id="Message">javax.jcr.AccessDeniedException: /content/
website/slogan: not allowed to remove item</div></td>
</tr>
<tr>
<td>Location</td>
<td><a href="/website" id="Location">/website</a></td>
</tr>
<tr>
<td>Parent Location</td>
<td><a href="/content" id="ParentLocation">/content</a></td>
</tr>
<tr>
<td>Path</td>
<td><div id="Path">/content/website</div></td>
</tr>
<tr>
<td>Referer</td>
<td><a href="" id="Referer"></a></td>
</tr>
<tr>
<td>ChangeLog</td>
<td><div id="ChangeLog"><pre>modified("/content/website/slogan")
;<br/>modified("/content/website/sling:resourceType");<br/></pre></div></td>
</tr>
</tbody>
</table>
<p><a href="">Go Back</a></p>
<p><a href="/website">Modified Resource</a></p>
<p><a href="/content">Parent of Modified Resource</a></p>
</body>
</html>
Which is the same as when i try the following curl command.
curl -F"sling:resourceType=website" -F"slogan=some title"
http://localhost:8888/content/website
Now I see that im not setting the username and password in the curl
command so sling will not allow the anon user to access the
/content/website node. But I have logged into the sling console with
the browser i then load the website.html page with, so i assume the
browser session is authorised.
Any ideas?
Regards
Ben
