Details
Bug
Status: Closed
Major
Resolution: Fixed
Auth Core 1.0.0
None
Description
The HTTP Authenticator included with the Commons Auth bundle currently does not behave well with respect to logging out and requesting credentials:
(1) sling:authRequestLogin parameter
The sling:authRequestLogin parameter should be supported with both values: BASIC (for the new mechanism) and 1 (for backwards compatibility). Setting the parameter should always cause a 401 response from the authentication handler.
(2) sendUnauthorized
The method should not do anything (except logging) if called on a committed response.
(3) dropCredentials
The dropCredentials method should always send a 401 response if the Authorization header is set in the response and the response has not been committed yet.
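The three behaviours requested above, sketched against the Servlet API as an added example (not the Sling Auth Core code). The class name, the realm value and the return values are assumptions, and the sketch reads the Authorization header from the request, which is also an assumption.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Illustrative sketch only; BasicAuthSketch and REALM are hypothetical names.
public class BasicAuthSketch {

    static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin";
    static final String REALM = "Example Realm"; // assumed value

    // (1) Both "BASIC" and the legacy value "1" ask for a 401 challenge.
    static boolean isLoginRequested(HttpServletRequest request) {
        String value = request.getParameter(REQUEST_LOGIN_PARAMETER);
        return "BASIC".equals(value) || "1".equals(value);
    }

    // (2) On a committed response the status line and headers have already
    // been sent, so the only safe action is to log and return.
    static boolean sendUnauthorized(HttpServletResponse response) {
        if (response.isCommitted()) {
            System.err.println("sendUnauthorized: response committed, no 401 sent");
            return false;
        }
        response.resetBuffer(); // discard any partially written body
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        try {
            response.flushBuffer(); // commit so later code cannot change the status
        } catch (IOException e) {
            System.err.println("sendUnauthorized: flush failed: " + e.getMessage());
        }
        return true;
    }

    // (3) A client that sent Basic credentials keeps resending them until it
    // receives a 401, so logout has to answer with the challenge again.
    static boolean dropCredentials(HttpServletRequest request,
                                   HttpServletResponse response) {
        if (request.getHeader("Authorization") == null) {
            return false; // nothing cached on the client side to drop
        }
        return sendUnauthorized(response);
    }

    // Entry point an authentication handler could call per request.
    static boolean requestCredentials(HttpServletRequest request,
                                      HttpServletResponse response) {
        return isLoginRequested(request) && sendUnauthorized(response);
    }
}
```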