Hi, If I read the code correctly, it looks like out of the box the JackrabbitWebdavServerServlet does HTTP Basic authentication provided the client provides it but a 401/UNAUTHORIZED response is never sent. Thus authentication seems to be assumed "preemptive".
I think this case rolling back the SLING-2167 changes and thus not using the Sling authenticator might be an ok solution. WDYT ? Regards Felix Am 08.11.2011 um 20:39 schrieb Carsten Ziegeler (Reopened) (JIRA): > > [ > https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > Carsten Ziegeler reopened SLING-2167: > ------------------------------------- > > > No I don't agree - davex might be used by applications running in the browser. > In these cases the auth must be shared between the application which is > provided by html and davex > >> Use Sling Authenticator >> ----------------------- >> >> Key: SLING-2167 >> URL: https://issues.apache.org/jira/browse/SLING-2167 >> Project: Sling >> Issue Type: Improvement >> Components: JCR >> Affects Versions: JCR DavEx 1.0.0 >> Reporter: Carsten Ziegeler >> Assignee: Carsten Ziegeler >> Fix For: JCR DavEx 1.1.0 >> >> >> The davex support should use the SlingAuthenticator for better integration >> into the Sling authentication > > -- > This message is automatically generated by JIRA. > If you think it was sent incorrectly, please contact your JIRA > administrators: > https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa > For more information on JIRA, see: http://www.atlassian.com/software/jira > >
