Hi all, I have some problems with authentication: maybe I'm missing something but I couldn't have it work as expected.
What I would like to do is to have an AuthenticationHandler to manage authentication for all the resources under the path "/root", with the exception of the login servlet, which I registered under the path "/root/login". To achieve it I implemented and register my handler adding the following SCR properties: * @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" * value="/root" * @scr.property name="sling.auth.requirements" * value="/root" Then I implemented and registered the login servlet with the following properties: * @scr.property name="sling.auth.requirements" value="-/root/login" When I tried to get a resource (let's say "/root/res1") I expected my handler to be called for authentication, and so it happened. The handler returned null credentials since no login was performed yet, and I expected the authentication to fail, but, unfortunately, this did not happen. So, I tried to disable any anonymous session from the web console, and this time the access was denied. But, when I then tried to call the login servlet, I was not authorized to do so. Is there something wrong with my properties? Am I using the authentication framework in the wrong way? Is there a way to achieve what I want without the need to disable anonymous sessions? Thanks in advance, Dave
