Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- None
- None
Description
If anonymous access is disabled by configuration, but no authentication handler can be selected to authenticate the request, an Internal Server Error is sent back to the client and a stack trace is logged:
20.01.2010 16:54:38 *MARK * servletengine: Servlet threw exception:
org.apache.sling.commons.auth.NoAuthenticationHandlerException
    at org.apache.sling.commons.auth.impl.SlingAuthenticator.login(SlingAuthenticator.java:372)
    at org.apache.sling.commons.auth.impl.SlingAuthenticator.getAnonymousSession(SlingAuthenticator.java:560)
    at org.apache.sling.commons.auth.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:296)
    at org.apache.sling.engine.impl.SlingMainServlet.handleSecurity(SlingMainServlet.java:817)
    at org.apache.felix.http.base.internal.context.ServletContextImpl.handleSecurity(ServletContextImpl.java:224)
    at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:86)
    at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:77)
The login method is defined to throw a NoAuthenticationHandlerException if no authentication handler can be found to handle the request. This exception must be caught by the getAnonymousSession method and converted into a sensible error such as 403/FORBIDDEN.
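
The handling requested above, as an added sketch that is not Sling's own code: the class, the `Response` type and the method signatures are hypothetical stand-ins that reuse only the names from the report, and the 401 challenge for the handler-present case is an assumption of the model.

```java
import java.util.logging.Logger;

public class AnonymousFallbackSketch {
    // Local stand-in for the exception class named in the report.
    static class NoAuthenticationHandlerException extends RuntimeException {}

    // Hypothetical minimal response; a servlet would use HttpServletResponse.
    static class Response {
        int status = 200;
        void sendError(int code) { status = code; }
    }

    static final int SC_UNAUTHORIZED = 401;
    static final int SC_FORBIDDEN = 403;
    static final Logger LOG = Logger.getLogger("auth");

    // Models login(): a selected handler asks for credentials (assumed here
    // to be a 401 challenge); with no handler the exception is thrown.
    static void login(boolean handlerAvailable, Response res) {
        if (!handlerAvailable) {
            throw new NoAuthenticationHandlerException();
        }
        res.sendError(SC_UNAUTHORIZED);
    }

    // Returns true when the request may proceed anonymously, false when a
    // response has already been sent and processing must stop.
    static boolean getAnonymousSession(boolean anonymousAllowed,
                                       boolean handlerAvailable, Response res) {
        if (anonymousAllowed) {
            return true;
        }
        try {
            login(handlerAvailable, res);
        } catch (NoAuthenticationHandlerException e) {
            // One log line instead of an uncaught exception: the client gets
            // a deliberate 403 rather than a 500 from the servlet engine.
            LOG.info("anonymous access disabled and no authentication handler; sending 403");
            res.sendError(SC_FORBIDDEN);
        }
        return false;
    }

    public static void main(String[] args) {
        Response res = new Response();
        boolean proceed = getAnonymousSession(false, false, res);
        System.out.println("proceed=" + proceed + " status=" + res.status);
    }
}
```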