Hi Joseph, Joseph Ottinger schrieb:
Is there a way to manage permissions to, well, things like the admin console from the Sling .war without rebundling the thing with security in web.xml?
Sling does not use the servlet container security at all. For normal access to the system (except the OSGi management console) Sling authenticates with the credentials from the request against the repository.
The OSGi management console has its own very simple authentication mechanism supporting a single user with HTTP Basic authentication. You can configure the user id, password and HTTP Basic authentication realm on the Configuration page of the console selecting the "Management Console" configuration.
Hope this helps. Regards Felix
