[
https://issues.apache.org/jira/browse/SLING-1240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12791229#action_12791229
]
Felix Meschberger commented on SLING-1240:
------------------------------------------
This might probably also make sense, yes.
To be sure, I don't have a patch right now, this is just a conceptual idea (or
functional requirement) right now to follow up on ... So everything is still
open for discussion and extension.
In any case, we must make sure to provide a backwards compatible way for the
current "global" setup, but even with adding methods to the configuration, this
is still possible: The current "global" configuration just applies to all URLs
with any request method.
> Allow configuration of URL space open without credentials
> ---------------------------------------------------------
>
> Key: SLING-1240
> URL: https://issues.apache.org/jira/browse/SLING-1240
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Affects Versions: Engine 2.0.6
> Reporter: Felix Meschberger
>
> Currently the SlingAuthenticator has a single flag -- auth.annonymous --
> defining whether anonymous access is allowed or not.
> To allow for more flexibility it would be interesting to be able to partition
> the URL space into areas requiring authentication and ares not requiring
> authentication. As such the current situation just has a single area -- the
> complete URL space -- which may be configured to require authentication or
> not.
> Such configuration may be of different form:
> * authentication handler declaring part of the URL space as requiring
> authentication
> * SlingAuthenticator configuration listing regular expressions to
> partition the URL space into authentication requiring areas.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
