A user should not be allowed the view the acl of the node unless the user has been granted the "jcr:readAccessControl" privilege. If the access privilege is not granted, you would get the 404 response.
Perhaps your Chrome browser is passing along a cookie or http basic auth credentials that is causing it to run as a different user who has permission to view the acl? Regards, -Eric On Tue, Aug 10, 2010 at 11:53 AM, Tony Giaccone <[email protected]> wrote: > > > I'm looking at the access control information on page: > > > > http://sling.apache.org/site/managing-permissions-jackrabbitaccessmanager.html > > > I opened my text file, created a file that had a line of text and wrote > that file out on the webdav mount sling repository. > > The url for the node is: > > http://localhost:8080/sling/content/simpleNode > > If I hit it with this url: > > http://localhost:8080/sling/content/simpleNode.txt > > with Firefox 3.6.8, > Chrome 5.0.375.125, > Safari Version 5.0 (6533.16) > and curl > > I get the same thing in each. > > However, if I hit his url: > > http://localhost:8080/sling/content/simpleNode.acl.json > > With those that same URL I get 404 errors in all but chrome, > and what I think should be the correct response, an empty ACL, > from Chrome. > > Any idea why I get such different responses? > > > Tony
