On Fri, Oct 28, 2011 at 11:50 AM, Justin Edelson <[email protected]> wrote: > Hi Markus, > > On Oct 28, 2011, at 4:34 AM, Markus Joschko <[email protected]> wrote: > >> Thanks for adding the configuration option Justin. >> However it does not work. The reason for this is that I have added the >> configuration option locally to a rather old revision of the davex >> servlet, while in the meantime >> SLING-2167 was added. I had issues with this before and I now have >> even more issues. >> >> SLING-2167 uses the authenticator framework to protect the servlet. >> And that breaks the default behaviour of the davexservlet. >> It basically ignores the init.missing-auth-mapping parameter and >> returns an anonymous session instead of a session with the specified >> credentials when the client is not authenticated :-( > > I'm not sure I understand. Under what circumstance does the authenticator > ignore credentials? That seems wrong.
It ignores the credentials given in the init.missing-auth-mapping parameter. As the davex client connects unauthorized to the repository to query the repositorydescriptors, the value in this parameter can be used to "give" the client credentials for this request. And this is not working at the moment. Instead the authenticator is hardcoded to use the anonymous user for these requests. > >> >> And as I have disabled the anonymous user I can not fetch the >> repositorydescriptors via davex which results in a read only davex >> session. >> >> I'll add a comment to the issue and for now will revert back to an >> older version of the davexservlet that not uses the authenticator >> framework. > > Ok. I'll revert the change as it seems useless. > > Justin >> >> >> >> >> >> On Thu, Oct 27, 2011 at 5:25 PM, Markus Joschko >> <[email protected]> wrote: >>> Thanks Justin. I created it but it seems like I can not assign an >>> issue to someone: https://issues.apache.org/jira/browse/SLING-2256 >>> >>> >>> On Thu, Oct 27, 2011 at 4:52 PM, Justin Edelson >>> <[email protected]> wrote: >>>> Please file a JIRA and assign it to me. I should be able to take care >>>> of this in the next few hours. >>>> >>>> Justin >>>> >>>> On Thu, Oct 27, 2011 at 7:34 AM, Markus Joschko >>>> <[email protected]> wrote: >>>>> Hi, >>>>> does anybody mind if the properties of the davex servlet are made >>>>> configurable? >>>>> >>>>> @Component(label = "%dav.name", description = "%dav.description", >>>>> metatype=true) >>>>> >>>>> And if not, can anybody apply that change? >>>>> >>>>> I have the urgent need as we have disabled the anonymous user and >>>>> without him the >>>>> RepositoryDescriptors can't be fetched by the jcr2spi layer which >>>>> results in a read only davex access. >>>>> >>>>> This can be cirumvented by setting the init.missing-auth-mapping >>>>> parameter on the davex servlet. >>>>> >>>>> Regards, >>>>> Markus >>>>> >>>> >>> >
