Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-1383

Provide out-of-the-box HTTP Basic authentication handler in the Commons Auth bundle

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • Auth Core 1.0.0
    • Authentication
    • None

    Description

      As discussed in http://markmail.org/thread/kyy25qmfus66son3 the existing HTTP Basic authentication handler should be merged into the Commons Auth bundle with the following simplifications:

      • Form support is dropped entirely
      • extractCredentials will always be enabled to support pre-emptive authentication (e.g. for HTTP Client applications)
      • requestCredentials disabled by default, may be enabled by configuration
      • dropCredentials disabled by defualt, may be configured to send 401 by configuration

      Note on Form support: I turns out, that form support is very complicated for the Internet Explorer and Firefox class browsers and impossible to support for WebKit class browsers like Chrome and Safari. So instead of further maintaining a complicated codebase with lots of special cases, it is better to support the basic case of simple HTTP Basic authentication out of the box and to do form based authentication right (as with the Form Based Authenticationhandler).

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            cziegeler Carsten Ziegeler
            fmeschbe Felix Meschberger
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment