in src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java [124:144]
protected void activate(final BundleContext bundleContext, Config config) {
final String davRoot = config.alias();
final boolean createAbsoluteUri = config.dav_create$_$absolute$_$uri();
final String protectedHandlers = config.dav_protectedhandlers();
// prepare DavEx servlet config
final Dictionary<String, Object> initProps = new Hashtable<>();
initProps.put(toInitParamProperty(INIT_PARAM_RESOURCE_PATH_PREFIX), davRoot);
initProps.put(toInitParamProperty(INIT_PARAM_CREATE_ABSOLUTE_URI), Boolean.toString(createAbsoluteUri));
initProps.put(toInitParamProperty(INIT_PARAM_CSRF_PROTECTION), CSRFUtil.DISABLED);
initProps.put(toInitParamProperty(INIT_PARAM_PROTECTED_HANDLERS_CONFIG), protectedHandlers);
initProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_PATTERN, davRoot.concat("/*"));
initProps.put(Constants.SERVICE_VENDOR, SERVICE_VENDOR);
initProps.put(Constants.SERVICE_DESCRIPTION, SERVICE_DESCRIPTION);
initProps.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_SELECT,
"(" + HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_NAME + "=" + AuthHttpContext.HTTP_CONTEXT_NAME + ")");
initProps.put(PAR_AUTH_REQ, "-" + davRoot); // make sure this is not forcibly authenticated !
this.davServlet = bundleContext.registerService(Servlet.class.getName(), this, initProps);
}