I found the problem! I was using an old a SlingAuthenticator.config
that contained
service.bundleLocation="slinginstall:org.apache.sling.auth.core-1.0.6.jar"
replacing it with
service.bundleLocation="slinginstall:org.apache.sling.auth.core-1.0.7-SNAPSHOT.jar"
Fixed the problem!
/Pontus
On 2011-12-21T23:31:54 CET, Pontus Amberg wrote:
Tried another browser (installed just to test this) and I still could
access the folders and files.
I looked at the Authenticators page and I'm a bit confused now. Where
is the paths on the
Authenticator page configured and should paths I configure for "Apache
Sling Authentication Service"
be visible on the Authenticators page? If I for example add "+/apps"
as an
Authentication Requirement in the config for "Apache Sling
Authentication Service" should it be visible
on the Authenticators page?
/Pontus
On 2011-12-21T22:46:24 CET, Felix Meschberger wrote:
Hi,
Am 21.12.2011 um 21:26 schrieb Pontus Amberg:
I just noticed that URL space subtrees that I specified in the
Authentication Service config
to require authentication (for example "+/apps") is accessible even if
the user hasn't
logged in. I'm testing this using the current trunk.
Is this a local problem with my config or is it a bug in the current
trunk?
This is not expected. Can you see in the Authenticators page in Web
Console some indication of potential issues ?
Plus: are you sure the user is not logged in ? Could it be some stray
HTTP Basic credentials sent from the browser getting Sling to think
it is authenticated ?
Regards
Felix
