hi, it actually depends on the missing-auth-mapping, in the jackrabbit web app it worked like this:
missing-auth-mapping = "" [which is different from param missing] 1) user with full read access ------------------------------------------------------------------------ GET http://localhost:8080/crx/server -> 200 : list of child resources (workspace resources) GET http://localhost:8080/crx/server/crx.default -> 200 : list of child resources (root node) GET http://localhost:8080/crx/server/crx.default/jcr:root -> 200 : serialization of root node 2) unauthenticated (where everyone has no read permission on /) ------------------------------------------------------------------------ GET http://localhost:8080/crx/server -> 200 : list of child resources (workspace resources) GET http://localhost:8080/crx/server/crx.default -> 200 : list of child resources (empty in this case) GET http://localhost:8080/crx/server/crx.default/jcr:root -> 404 : due to the fact that anonymous/unauthenticated user has no read permission and with the missing-auth-config specified above preemtive auth is expected. regards, toby On Nov 8, 2011, at 22:30 , Felix Meschberger wrote: > Hi, > > If I read the code correctly, it looks like out of the box the > JackrabbitWebdavServerServlet does HTTP Basic authentication provided the > client provides it but a 401/UNAUTHORIZED response is never sent. Thus > authentication seems to be assumed "preemptive". > > I think this case rolling back the SLING-2167 changes and thus not using the > Sling authenticator might be an ok solution. > > WDYT ? > > Regards > Felix > > Am 08.11.2011 um 20:39 schrieb Carsten Ziegeler (Reopened) (JIRA): > >> >> [ >> https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel >> ] >> >> Carsten Ziegeler reopened SLING-2167: >> ------------------------------------- >> >> >> No I don't agree - davex might be used by applications running in the >> browser. >> In these cases the auth must be shared between the application which is >> provided by html and davex >> >>> Use Sling Authenticator >>> ----------------------- >>> >>> Key: SLING-2167 >>> URL: https://issues.apache.org/jira/browse/SLING-2167 >>> Project: Sling >>> Issue Type: Improvement >>> Components: JCR >>> Affects Versions: JCR DavEx 1.0.0 >>> Reporter: Carsten Ziegeler >>> Assignee: Carsten Ziegeler >>> Fix For: JCR DavEx 1.1.0 >>> >>> >>> The davex support should use the SlingAuthenticator for better integration >>> into the Sling authentication >> >> -- >> This message is automatically generated by JIRA. >> If you think it was sent incorrectly, please contact your JIRA >> administrators: >> https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa >> For more information on JIRA, see: http://www.atlassian.com/software/jira >> >> >
