Hi, Am 21.12.2011 um 21:26 schrieb Pontus Amberg:
> I just noticed that URL space subtrees that I specified in the > Authentication Service config > to require authentication (for example "+/apps") is accessible even if > the user hasn't > logged in. I'm testing this using the current trunk. > > Is this a local problem with my config or is it a bug in the current trunk? This is not expected. Can you see in the Authenticators page in Web Console some indication of potential issues ? Plus: are you sure the user is not logged in ? Could it be some stray HTTP Basic credentials sent from the browser getting Sling to think it is authenticated ? Regards Felix
