On Mon, Jun 28, 2010 at 10:57 AM, Marco Filosi <[email protected]> wrote: > Hi, > > I removed the anonymous user but when I restart the servlet container (e.g. > tomcat) the anonymous user is recreated. I need to know how I can remove > anonymous user permanently if it is possible. > > Here below I explain the steps followed: > > > 1. Get a list of users by calling curl -X GET > http://localhost:8080/sling/system/userManager/user.tidy.1.json > 2. By default the unique users in a new system are: admin and anonymous. > 3. Remove anonymous user by calling curl -Fgo=1 > http://localhost:8080/sling/system/userManager/user/anonymous.delete.html > 4. Get a list of users and this time I have only admin user as I want. > 5. Restart servlet container tomcat > 6. Get a list of users and this time with the admin user appears also the > anonymous user. > > What is the best way to prevent the anonymous user autocreation?
I'm not sure, but I suspect the anonymous user is a Jackrabbit internal. But anyway, you can disable anonymous *access*: Browse to http://localhost:8080/system/console/configMgr and find Apache Sling Request Authenticator. Click the pencil icon. From that screen, disable the "allow anonymous access" checkbox. -- Vidar S. Ramdal <[email protected]> - http://www.idium.no Sommerrogata 13-15, N-0255 Oslo, Norway + 47 22 00 84 00 / +47 22 00 84 76 Quando omni flunkus moritatus!
