hi all,

here is my +1 for anonymous access by default.

also prompting the user with a 401 for something that he does not
have read access for is not an option, since in jcr if you are able to read
content there is no way to tell that something exists.

>  > But still, the desired behavior is to ask the user for authentication if
>  > he is not authenticated and write permission is denied.
> Your problem has nothing to do with the fact that we allow anonymous
>  access per default now.
>  Before that you could login as anonymous and would face the same problems.
>  This is rather a problem of the post servlet and the permission checking
>  there. Could you please open an issue?

i agree with carsten's assessment.

i don't think though that the desired response code for a permission denied on
the repository level is a 401 even for "anonymous", but i think it should
be a 403 error code instead. thoughts?

regards,
david
