Hi
I would assume the Sling Authentication Service has HTTP Basic Authentication
enabled with preemptive support. This means a 401 response is never sent.
Reconfiguring the Authentication Service to fully enable HTTP Basic
Authentication should do the trick.
Hope this helps.
Regards
Felix
Am 02.08.2013 um 13:38 schrieb Oliver Lietz:
> hello all,
>
> I'm porting an application from Vaadin to Sling using HTML and a custom Sling
> Servlet (service with property sling.servlet.paths).
> This works fine, but securing this application with HTTP Basic Authentication
> Handler does not work.
>
> - Allow Anonymous Access is enabled (in Apache Sling Authentication Service
> configuration)
>
> - Authentication Requirements is empty (in Apache Sling Authentication
> Service
> configuration)
>
> - HTTP Basic Authentication Handler is the only handler and registered for
> path /
>
> - the custom servlet sets sling.auth.requirements to {"+/services/myservlet",
> "+/content/myapp"} (myapp contains the HTML in JCR, no ACLs changed)
>
> - Authenticator (slingauth) shows Authentication Required Yes for
> /services/myservlet and /content/myapp and No for / (and also No for
> /system/sling/logout, /system/sling/login, /server)
>
> I expect the browser to ask for username and password when accessing
> /content/myapp and /services/myservlet, but that does not happen.
> What is missing? Is this intended behavior or a bug (same behavior on current
> Sling and CQ 5.5)?
>
> thanks,
> O.
