Hello all,
I'm porting an application from Vaadin to Sling using HTML and a custom Sling
Servlet (service with property sling.servlet.paths).
This works fine, but securing this application with the HTTP Basic
Authentication Handler does not work.
- Allow Anonymous Access is enabled (in Apache Sling Authentication Service
configuration)
- Authentication Requirements is empty (in Apache Sling Authentication Service
configuration)
- HTTP Basic Authentication Handler is the only handler and registered for
path /
- the custom servlet sets sling.auth.requirements to {"+/services/myservlet",
"+/content/myapp"} (myapp contains the HTML in JCR, no ACLs changed)
- Authenticator (slingauth) shows Authentication Required Yes for
/services/myservlet and /content/myapp and No for / (and also No for
/system/sling/logout, /system/sling/login, /server)
I expect the browser to ask for username and password when accessing
/content/myapp and /services/myservlet, but that does not happen.
What is missing? Is this intended behavior or a bug (same behavior on current
Sling and CQ 5.5)?
Thanks,
O.