Hello list IIUC the Sling Authenticator chooses an authentication handler based on the request path, and *not* on the mapped path.
So (please correct me if I'm wrong), it seems not possible to have two different internalRedirects from domain-names to sub-paths, which are covered by two different authentication handlers. E.g. + /etc/map/http/bla.4502 - sling:internalRedirect = /content/bla + /etc/map/http/fasel.4502 - sling:internalRedirect = /content/fasel with two different authentication handlers, one registered for /content/bla and one for /content/fasel is *not* possible, correct? Now, two questions a) what is the reasoning behind having the authenticator select handlers *before* the mapping b) is it possible to make this work somehow? Also, to me, this slightly smells of a privilege escalation. Say I have write access to /etc/map, I will be able to change authentication handlers for an arbitrary sub-pat, potentially disabling authentication altogether (by mapping a path without authentication requirements to the target path). Of course, in most cases this will not achieve anything, because you still won't have access to the resources, but it does seem a little "shady" at least. No? Thanks for your thoughts Lars
