Hi,this behavior as currently implemented breaks microjax in web browsers. If you are posting to an URI in order to change properties, the current implementation returns with an error 500, because anonymous is not allowed to change properties. The correct error message would be 401 (forbidden).
But still, the desired behavior is to ask the user for authentication if he is not authenticated and write permission is denied.
regards, Lars On 22.02.2008, at 10:48, Carsten Ziegeler wrote:
Hi,currently the sling authenticator disables anonymous requests per default. I think for convenience we should switch the default to allow anonymous requests and rely on the access control of the repository.If you think of different auth methods like form based authentication,you need anon access to specific parts anyway. The other solution would be to register an auth servlet next to the sling servlet just for these kind of things.WDYT? Carsten -- Carsten Ziegeler [EMAIL PROTECTED]
-- Lars Trieloff [EMAIL PROTECTED] http://weblogs.goshaky.com/weblogs/lars
smime.p7s
Description: S/MIME cryptographic signature
