On Nov 4, 2011, at 11:13 AM, Felix Meschberger wrote:
> So I am contemplating the following change to the
> SlingAuthenticator.handleSecurity method: If the method would return with
> true (indicating regular request processing) but the request is POST to
> .../j_security_check, then the request should actually fail with a 403.
>
> Advantage: No inadvertent handling of this request in the Sling processing
> pipeline
> Disadvantage: No POST request to any .../j_security_check URL will ever pass
> through Sling's Authentication mechanism
>
> WDYT?

+1

Regards
Antonio