Hi Rory, On Mon, Feb 2, 2009 at 16:20, Rory Douglas <[email protected]> wrote:
> Actually, currently in the HTTP Basic AuthHandler in the authenticate() > method, the code looks for a request parameter 'sling:authRequestLogin' > (value doesn't matter). If it finds it, the handler actually calls the > requestAuthentication() method on itself. So you can force at the HTTP Auth > login box to be displayed by just appending that param to your intended > target URL. If you've already authenticated via HTTP BASIC, the request > passes through directly to the target resource. > > Could this perhaps be generalized somehow? Perhaps moved into the > SlingAuthenticator? > I tried to access my content with the parameter 'sling:authRequestLogin', but I haven't got any credentials request and the HTTP error code returned was the same for the request without the parameter. Does this feature depends somehow on the "allow anonymous access" configuration? Another thing I noticed is that when I access the system console, I'm prompted for credentials. Isn't possible to reuse the logic that protects the contents under /system/console? Is this protection configured in Sling or is it Felix related? Kind regards, -- Douglas Jose http://douglasjose.com - "Use free software. Help us make a free world."
