You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by Davide Maestroni <da...@gmail.com> on 2010/03/01 15:31:14 UTC
Re: Authentication requirements
Hi Felix,
Thank you for the hints. Actually I found out there were problems with the
service registration, hence the weird behavior.
Now I fixed the issue and everything works as expected.
Thanks again,
Davide
On Thu, Feb 18, 2010 at 11:11 PM, Felix Meschberger <fm...@gmail.com>wrote:
> Hi,
>
> On 18.02.2010 17:04, Davide Maestroni wrote:
> > Hi all,
> >
> > I have some problems with authentication: maybe I'm missing something but
> I
> > couldn't have it work as expected.
> >
> > What I would like to do is to have an AuthenticationHandler to manage
> > authentication for all the resources under the path "/root", with the
> > exception of the login servlet, which I registered under the path
> > "/root/login".
> > To achieve it I implemented and register my handler adding the following
> SCR
> > properties:
> >
> > * @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY"
> > * value="/root"
> > * @scr.property name="sling.auth.requirements"
> > * value="/root"
> >
> > Then I implemented and registered the login servlet with the following
> > properties:
> >
> > * @scr.property name="sling.auth.requirements" value="-/root/login"
> >
> > When I tried to get a resource (let's say "/root/res1") I expected my
> > handler to be called for authentication, and so it happened. The handler
> > returned null credentials since no login was performed yet, and I
> expected
> > the authentication to fail, but, unfortunately, this did not happen.
> > So, I tried to disable any anonymous session from the web console, and
> this
> > time the access was denied. But, when I then tried to call the login
> > servlet, I was not authorized to do so.
> >
> > Is there something wrong with my properties? Am I using the
> authentication
> > framework in the wrong way?
> > Is there a way to achieve what I want without the need to disable
> anonymous
> > sessions?
>
> Your setup looks right and should be sufficient, no need to disable
> anonymous login.
>
> Do you have the latest trunk builds of the Commons Auth and Engine
> bundles installed ?
>
> You might also want to check the "Authenticator" page in the Web Console
> for the correct setup of the Authentication requirements.
>
> Regards
> Felix
>
> >
> > Thanks in advance,
> >
> > Dave
> >
>