Hi Tony, Looks to me like you have discovered a bug. The self-reg enabled flag is not handled correctly when activating the component.
I filed a new bug report (*SLING-1639<https://issues.apache.org/jira/browse/SLING-1639> )* to track the defect and I will fix it now. Regards, -Eric On Tue, Aug 10, 2010 at 11:08 AM, Tony Giaccone <[email protected]> wrote: > > I'm reading from the Sling web site: > > "The jackrabbit-usermanager bundle delivers a REST interface to create, > update and delete users...." > > And I have been able to successfully add a user, by executing the following > curl cmnd. > > curl -F:name=reader -Fpwd=ourReader -FpwdConfirm=ourReader -F"desc=Read > only access" > http://localhost:8080/sling/system/userManager/user.create.html > > Except that it seems that anyone at any time can post to this URL and > create a user. > > > So I looked at the configuration for that bundle and found a checkbox > labled: > > Self-Registration Enabled > > When selected, the anonymous user is allowed to register a new user > with the system. (self.registration.enabled) > > > And that checkbox was checked. So it seems that I should be able to uncheck > that box and prevent anonymous user creation. > > However, it doesn't work. I can still create new users as anonymous. > > What am I doing wrong? > > > Tony
