Thanks Stefan, works perfectly.
For benefit of others, I added this to my config node under /conf:
"security:acl": [
{ "principal": "everyone", "granted": ["jcr:read"] }
]
Docs suggest I should use "allow" rather than "granted", but that
didn't work for me.
regards,
ben
On Thu, 23 Feb 2023 at 18:44, Stefan Seifert
<stefan.seif...@diva-e.com.invalid> wrote:
> hello ben.
>
> yes, you would need to prepare your own ACL setup. e.g. grant jcr:read for
> everyone on /conf, or selected subpaths/globbings which you know are
> relevant. the caconfig resolver always uses the access rights of the
> resource resolver the current user (or anonymous) is using.
>
> stefan
>
> > -----Original Message-----
> > From: Ben Fortuna <benfort...@gmail.com>
> > Sent: Thursday, February 23, 2023 2:05 AM
> > To: users@sling.apache.org
> > Subject: Vanilla Sling and caconfig
> >
> > Hi all,
> >
> > Apologies for the novice question, just trying to understand how to use
> > caconfig with a vanilla Sling install.
> >
> > It seems that to resolve a config lookup (via sling:configRef ->
> > /conf/example) I need to be logged in as Sling admin for it to resolve
> > correctly. If I am not logged in, the config lookup (via Sling models
> > @ContextAwareConfiguration) will fail (return empty values).
> >
> > I can't see anywhere in the docs referring to ACLs for the /conf
> > hierarchy, just wondering if I need to configure something to allow
> config
> > resolution without being logged in.
> >
> > Many thanks
> > Ben
>
