This produces the same result (HTTP 310 ("too many redirects") when accessing "/").

On Mon Sep 17 02:39:49 2012, Eric Norman wrote:
I think you can just deny the jcr:all privilege for the anonymous userid.
The everyone only applies to users who have logged in.

For example:

curl -FprincipalId=anonymous -Fprivilege@jcr:all=denied http://admin:admin@localhost:8080/sling6/.modifyAce.html


Regards,

Eric
On Sep 16, 2012 11:41 AM, "Sandro Boehme" <[email protected]> wrote:

Hello,

in the configuration of the "Apache Sling Authentication Service" I can
"disable anonymous access" which I understand as the user needs to log in.
Still, when I use "anonymous" as user and an empty password I can log in
and see the page for the path "/" and all child resources. Changing the
password for anonymous is not allowed by design. The source code looks like:
    if ("anonymous".equals(name)) {
        throw new RepositoryException(
            "Can not change the password of the anonymous user.");
    }
Looking at the privileges for the root path with
http://localhost:8080/.eacl.json
got me this JSON response:
    {
        "everyone": {
            "principal": "everyone",
            "granted": ["jcr:all"],
            "order": 0
        }
    }
So I tried to remove the jcr:all privilege with
curl -FprincipalId=everyone -Fprivilege@jcr:all=denied http://admin:admin@localhost:8080/sling6/.modifyAce.html
to deny everything from the root on and grant it selectively on child
nodes.
But the response is HTTP 310 ("too many redirects") when accessing "/".
Granting jcr:all to the everyone group to signup.html,... didn't help.

But granting everyone the jcr:all privilege at "/" and denying jcr:all at
a subnode results in an HTTP 404 response for
http://localhost:8080/mysubnode.json as I would expect it.

Is there a way to avoid that every new node under the root node has
jcr:all by default?

Best,

Sandro



