I don't know if I am allowed to vote or count :) But I think that since Sling is a generic framework and does not have anything to hide, it would be a good idea to make it as easy as possible to 'try it out' for newcomers. As long as it is documented how to enable security.
+1 Cheers, PS On Fri, Feb 22, 2008 at 10:48 AM, Carsten Ziegeler <[EMAIL PROTECTED]> wrote: > Hi, > > currently the sling authenticator disables anonymous requests per default. > I think for convenience we should switch the default to allow anonymous > requests and rely on the access control of the repository. > > If you think of different auth methods like form based authentication, > you need anon access to specific parts anyway. The other solution would > be to register an auth servlet next to the sling servlet just for these > kind of things. > > WDYT? > Carsten > -- > Carsten Ziegeler > [EMAIL PROTECTED] >
