You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Dan Klco (Jira)" <ji...@apache.org> on 2021/07/08 01:15:00 UTC

[jira] [Commented] (SLING-10588) Almost all pages are 401 unauthorized

    [ https://issues.apache.org/jira/browse/SLING-10588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17376933#comment-17376933 ] 

Dan Klco commented on SLING-10588:
----------------------------------

Thanks for the bug report [~James.R]. If I'm tracking right the problem is in the default value of the Component Configuration Definition.

The only concern I have is that this is part of the security mechanism, you should configure it correctly to match the domain with which your instance is accessed.

That being said, it should be possible to unset so I will look at this. 

> Almost all pages are 401 unauthorized
> -------------------------------------
>
>                 Key: SLING-10588
>                 URL: https://issues.apache.org/jira/browse/SLING-10588
>             Project: Sling
>          Issue Type: Bug
>          Components: App CMS
>    Affects Versions: App CMS 1.0.2
>            Reporter: James Raynor
>            Assignee: Dan Klco
>            Priority: Major
>
> Hi I am a SlingCMS developer and user.
>  After testing, I found that it is a problem with Apache Sling CMS Security Filter, the default "Host Domains" parameter is wrong, the config cannot be saved, and it is lost after restart.
> Steps to reproduce:
> 1. Start SlingCMS, using an anonymous user to access the page [http://localhost:8080/test/xxx], it shows 401 unauthorized
> 2. Goto [http://localhost:8080/system/console/configMgr]
>  find "Apache Sling CMS Security Filter"
>  The "Host Domains" is blank, but after testing, there should be a "localhost" string, clear the "Host Domains" and click save.
> 3. Using an anonymous user to access the page [http://localhost:8080/test/xxx] shows 404 Not Found
>  It's OK now. However, after restarting SlingCMS, the problem is still the same, so you need to clear the Host Domains again and save it.
> Apache Sling CMS Security Filter -> Allowed Patterns, add one, for example ^/test/. *$, save, and after restarting, the Apache Sling CMS Security Filter configuration is lost.
> This problem causes most pages to be inaccessible, and the Servlets I developed is also inaccessible, so please fix it promptly Thanks.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)