Hi - according to documentation @ http://felix.apache.org/documentation/subprojects/apache-felix-web-console.html <http://felix.apache.org/documentation/subprojects/apache-felix-web-console.html> i should be able to disable authentication by “clearing the ‘username’" configuration property (or by setting the bundle context property “felix.webconsole.username” to the empty string which is what I do).
I cannot get this to work, I’m challenged with a “WWW-Authorize” any way. I’m also looking at the source code (org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext#handleSecurity) which _also_ states (in the Javadoc): "If no user name is set, the <code>Authorization</code> header is ignored and the client is assumed to be authenticated.” As far as I can tell by looking at the source I there’s is really no place where the username config property is used to decide if authentication should be performed or not. Is this a bug or a change that somehow did not get documented? :) Best regards //Anders P.S I think I can get around the actual problem by implementing a WebConsoleSecurityProvider - but it would be great if I didn’t have to. D.S
