Open golinski opened 3 years ago
@golinski please check if this covers #33 too. If so - let's close that one too. #721 is the original for it.
No, https://github.com/peregrine-cms/enhancements/issues/33 works this way because /content is anonymously readable, therefore no authentication is performed (and the form is not displayed) and markup is simply returned. Afterwards the /perapi endpoints are not visible to the felibs (because we are an anonymous user), and the page stays blank.
Great analysis @golinski, thank you for that 👍🏼
Indeed. Thanks both to Reggie and Michał for investigating the issues related to expired login. To summarize the discussion from the water-cooler meeting, there were a few points...
org.apache.sling.engine.impl.auth.SlingAuthenticator is not configured to grant access to anonymous unauthenticated users. But any authenticated user (members of everyone) has read access.
@golinski @cmrockwell @reggie7 great discussion here - one comment on the access servlet: that is probably a permission issue in /perapi/admin/access.json - that one should allow read for everyone - since the original issue was fixed and this relates more to https://github.com/peregrine-cms/enhancements/issues/33 - should we take the discussion there?
also, I think we should turn off the default /content/:/ mapping in our launcher - it is the default in sling but it seems confusing?
Hi @reusr1 Peregrine CMS would greatly benefit from friendlier URLs generally. The default content mapping offers a simple way to have that not just for the CMS pages, but also the tenant pages. No site owner wants to look at /content/ at root constantly. As CMS developers, we should not settle on that either. I mentioned the default content mapping in the context of this issue only to ensure the team was aware of it. But it is a separate topic, not inherently related to these login issues. If you want to propose changes to the content mapping, could we discuss in a separate ticket? For what it's worth, I do not feel turning off the default /content/:/ mapping is for the better.
@cmrockwell I think that is what I was trying to say - we should split the discussion into a different ticket - this issue is about login does not work for certain paths and from what I see that was fixed.
Ah I see. My comments on this issue 887 were a bit off topic. They were more relevant to issue 33 which I had read before the water-cooler meeting. It was on my mind, so maybe I delete the comments move them. Because I was mistaken about what issue 887 was really about. My apologies!
When in private mode one goes to etc. http://localhost:8080/system/console/bundles, we are presented with the normal login form at http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole%2Fbundles, but after entering admin/admin we are redirected to http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole%2Fbundles%2Fj_security_check. Each subsequent login attempt just adds %2Fj_security_check.