This is my first Slack post, so I apologize in advance if I mess this up. I suspect I'm missing something simple, but I'm stumped. I've been looking at the fw/1 Secure Authentication Example from https://www.forgebox.io/view/fw1-sa/version/1.0.63 (thank you Denard Springle). I'm using ACF 2021 and IIS but the result is the same on a Lucee server. The example app installed easily and works as it should. The issue I'm having rises when I try to load a .cfm page from an "unhandled" folder. In this case the unhandled folder is named 'test'. I added the line "unhandledPaths = '/test'," to the framework configuration in application.cfc

// set application specific variables
    variables.framework = {
        usingSubsystems = true,
        unhandledPaths = '/test'
    };

When I browse to a simple test page : {root}/test/hello.cfm two exceptions are raised: "Neither the method onRequest was found in component C:\inetpub\wwwroot\fw1-sa\MyApplication.cfc nor was there any default method with this name present in any of the implementing interface." and... "Neither the method onError was found in component C:\inetpub\wwwroot\fw1-sa\MyApplication.cfc nor was there any default method with this name present in any of the implementing interface." Debugging with Fusion Reactor I can see that the methods "onRequest" and "onError" are being deleted from the variables struct in the onRequestStart() method in the component one.cfc. This is expected since the target path includes the unhandledPath. In a different fw/1 application that I work on, at the end of onRequestStart() ColdFusion processes the desired page from the unahandled path and FW/1 stays out of the way. In the Secure Authentication Example, FW/1 throws the errors listed above and the requested page does not load.

public any function onRequestStart( string targetPath ) { 
...
if ( isUnhandledRequest( targetPath ) ) {
            structDelete(this, 'onRequest');
            structDelete(variables, 'onRequest');
            structDelete(this, 'onRequestEnd');
            structDelete(variables, 'onRequestEnd');
            if ( !variables.framework.unhandledErrorCaught ) {
                structDelete(this, 'onError');
                structDelete(variables, 'onError');
            trace(text="unhandled request");    
            }
        } else {
            setupRequestWrapper( true );
        }

I suspect the problem has to do with the Secure Auth example using legacy subsystems and Alternative Application Structure, but I am unable to figure out exactly what's wrong. I've tried refactoring the example using V2 subsytems but get the same result. Any suggestions much appreciated. Paul