On 6 Jul 2010, at 22:15, Alexander Klimetschek wrote: > You would not have an anonymous user here at all, as you'd enforce > authentication for the /_user tree.
Unfortunately that does not work. /_user/<userid>/** *must* be accessible by anon so we cant force authentication. Without differentiation between "list child nodes" and "read child node" in jcr-170 or jcr-283, I don't think what I need to be done, can be achieved by any access manager/access control provider that conforms to the standard. So I have no option but to put the access control somewhere else. I will look that the userdir suggestion that Bertrand made, perhaps as a resource resolver as that is probably a better way of doing it in Sling. Thanks for you help. Ian
