Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-10588

Almost all pages are 401 unauthorized

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Hi I am a SlingCMS developer and user.
      After testing, I found that it is a problem with Apache Sling CMS Security Filter, the default "Host Domains" parameter is wrong, the config cannot be saved, and it is lost after restart.

      Steps to reproduce:

      1. Start SlingCMS, using an anonymous user to access the page http://localhost:8080/test/xxx, it shows 401 unauthorized

      2. Goto http://localhost:8080/system/console/configMgr
      find "Apache Sling CMS Security Filter"
      The "Host Domains" is blank, but after testing, there should be a "localhost" string, clear the "Host Domains" and click save.

      3. Using an anonymous user to access the page http://localhost:8080/test/xxx shows 404 Not Found
      It's OK now. However, after restarting SlingCMS, the problem is still the same, so you need to clear the Host Domains again and save it.

      Apache Sling CMS Security Filter -> Allowed Patterns, add one, for example ^/test/. *$, save, and after restarting, the Apache Sling CMS Security Filter configuration is lost.

      This problem causes most pages to be inaccessible, and the Servlets I developed is also inaccessible, so please fix it promptly Thanks.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            dklco Dan Klco
            James.R James Raynor
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment