Hi, On 18.02.2010 17:04, Davide Maestroni wrote: > Hi all, > > I have some problems with authentication: maybe I'm missing something but I > couldn't have it work as expected. > > What I would like to do is to have an AuthenticationHandler to manage > authentication for all the resources under the path "/root", with the > exception of the login servlet, which I registered under the path > "/root/login". > To achieve it I implemented and register my handler adding the following SCR > properties: > > * @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" > * value="/root" > * @scr.property name="sling.auth.requirements" > * value="/root" > > Then I implemented and registered the login servlet with the following > properties: > > * @scr.property name="sling.auth.requirements" value="-/root/login" > > When I tried to get a resource (let's say "/root/res1") I expected my > handler to be called for authentication, and so it happened. The handler > returned null credentials since no login was performed yet, and I expected > the authentication to fail, but, unfortunately, this did not happen. > So, I tried to disable any anonymous session from the web console, and this > time the access was denied. But, when I then tried to call the login > servlet, I was not authorized to do so. > > Is there something wrong with my properties? Am I using the authentication > framework in the wrong way? > Is there a way to achieve what I want without the need to disable anonymous > sessions?
Your setup looks right and should be sufficient, no need to disable anonymous login. Do you have the latest trunk builds of the Commons Auth and Engine bundles installed ? You might also want to check the "Authenticator" page in the Web Console for the correct setup of the Authentication requirements. Regards Felix > > Thanks in advance, > > Dave >
