Am Freitag, 2. August 2013 schrieb Felix Meschberger:
> Hi
hello Felix,
> I would assume the Sling Authentication Service has HTTP Basic
> Authentication enabled with preemptive support. This means a 401 response
> is never sent. Reconfiguring the Authentication Service to fully enable
> HTTP Basic Authentication should do the trick.
it's already configured with full support. Any other idea?
Regards,
O.
> Hope this helps.
>
> Regards
> Felix
>
> Am 02.08.2013 um 13:38 schrieb Oliver Lietz:
> > hello all,
> >
> > I'm porting an application from Vaadin to Sling using HTML and a custom
> > Sling Servlet (service with property sling.servlet.paths).
> > This works fine, but securing this application with HTTP Basic
> > Authentication Handler does not work.
> >
> > - Allow Anonymous Access is enabled (in Apache Sling Authentication
> > Service configuration)
> >
> > - Authentication Requirements is empty (in Apache Sling Authentication
> > Service configuration)
> >
> > - HTTP Basic Authentication Handler is the only handler and registered
> > for path /
> >
> > - the custom servlet sets sling.auth.requirements to
> > {"+/services/myservlet", "+/content/myapp"} (myapp contains the HTML in
> > JCR, no ACLs changed)
> >
> > - Authenticator (slingauth) shows Authentication Required Yes for
> > /services/myservlet and /content/myapp and No for / (and also No for
> > /system/sling/logout, /system/sling/login, /server)
> >
> > I expect the browser to ask for username and password when accessing
> > /content/myapp and /services/myservlet, but that does not happen.
> > What is missing? Is this intended behavior or a bug (same behavior on
> > current Sling and CQ 5.5)?
> >
> > thanks,
> > O.
