Zhang Ligao

Reputation: 147

AEM 6.5 Apache Sling Authentication Service configuration does not work

I am running an AEM author service. In Apache Sling Authentication Service I didn't add /system/sling/junit/.html to Authentication Requirements, and Allow Anonymous Access is unchecked, but I can still access /system/sling/junit/.html without logging in.

  1. What's the reason for that?
  2. How can I enforce login for access to all pages (there may be some other pages that can be accessed without login)?

Upvotes: 0

Views: 454

Answers (1)

Alexander Berndt

Reputation: 1728

The JUnitServlet bypasses Sling-Authentication completely. If you look into the code, it registers directly as an OSGi servlet (via the OSGi http-service). It is registered in parallel to the SlingMainServlet. So there is no way to enforce Sling Authentication from the outside. The JUnitServlet itself would have to enforce authentication (like the /system/console). It is open source, so you could add this feature in theory.

https://github.com/apache/sling-org-apache-sling-junit-core/blob/master/src/main/java/org/apache/sling/junit/impl/servlet/JUnitServlet.java

Also, the documentation says that it has no authentication:

Note that the JUnitServlet does not require authentication, so it would allow any client to run tests. The servlet can be disabled by configuration if needed, but in general the /system path should not be accessible to website visitors anyway.

https://sling.apache.org/documentation/bundles/org-apache-sling-junit-bundles.html#more-details-on-the-junitservlet

Upvotes: 0
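
A check for the second question, added here as an example and not part of the answer or of the Sling project: it classifies responses to requests sent without credentials, so a path that bypasses Sling authentication the way the JUnitServlet does shows up as exposed. The sample responses, the `/content/example.html` path, the `localhost:4502` URL and the rule that a login redirect contains "login" are assumptions made for illustration.

```python
import urllib.error
import urllib.request

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx responses instead of following them to a login page."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def classify(status, headers):
    """Classify one response to a request that carried no credentials."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status in (401, 403):
        return "protected"  # authentication challenge or refusal
    if 300 <= status < 400:
        # Assumption: a redirect whose target contains "login" is the login form.
        target = headers.get("location", "").lower()
        return "protected" if "login" in target else "unknown"
    if 200 <= status < 300:
        return "exposed"  # content served although nobody logged in
    return "unknown"  # 404, 5xx and the like need a manual look

def probe(base_url, path, timeout=5):
    """GET base_url + path without credentials or cookies and classify it."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx arrive here
        return classify(err.code, dict(err.headers))
    except urllib.error.URLError:
        return "unreachable"

# Constructed sample responses (not captured from a real instance), keyed by
# the two paths this page mentions plus a hypothetical content page.
SAMPLE = {
    "/system/sling/junit/": (200, {"Content-Type": "text/html"}),
    "/system/console": (401, {"WWW-Authenticate": 'Basic realm="console"'}),
    "/content/example.html": (302, {"Location": "/login.html?resource=%2Fcontent"}),
}

def audit_sample(sample=SAMPLE):
    """Return the paths in `sample` that were served without authentication."""
    return [p for p, (status, hdrs) in sample.items()
            if classify(status, hdrs) == "exposed"]

if __name__ == "__main__":
    print("exposed:", audit_sample())
    # Against your own instance: probe("http://localhost:4502", "/system/sling/junit/")
```

Run `probe` from a client that holds no session cookie; anything reported as exposed has to be closed off outside Sling authentication, for example by disabling the servlet or blocking `/system` in front of the instance.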
