Hi, Am Donnerstag, den 28.02.2008, 14:34 +0100 schrieb Carsten Ziegeler: > Lars Trieloff wrote: > > Hi, > > > > this behavior as currently implemented breaks microjax in web browsers. > > If you are posting to an URI in order to change properties, the current > > implementation returns with an error 500, because anonymous is not > > allowed to change properties. The correct error message would be 401 > > (forbidden). > > > > But still, the desired behavior is to ask the user for authentication if > > he is not authenticated and write permission is denied. > > > Your problem has nothing to do with the fact that we allow anonymous > access per default now. > Before that you could login as anonymous and would face the same problems. > > This is rather a problem of the post servlet and the permission checking > there. Could you please open an issue?
This is correct because the UjaxPostServlet catches "Exception" and thus also grocks the AccessControlException preventing Sling from sending back the correct 401 response. Regards Felix
