Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-1656

Integration test AuthRequestLoginTest.testForcedLogin fails after removing HTTP Authenticator bundle

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Auth Core 1.0.0
    • Auth Core 1.0.0
    • Authentication
    • None

    Description

      After removing the HTTP Authentication Handler from the build an integration test fails because the HTTP Basic authentication handler built into the auth/core bundle does not request credentials.

      The reason for this is, that the old HTTP Authentication Handler checked the "sling:authRequestLogin" parameter and forced authentication by sending back a 401 response whenever that parameter was set to any value but no (HTTP BASIC) credentials were present in the request.

      The new HTTP Basic authentication handler built into the auth/core bundle only sends back the 401 response if the "sling:authRequestLogin" parameter is set to either "BASIC" or "1". The idea is, that this parameter may not only be used to request being logged in but also to select a concrete authentication handler.

      So, for backwards compatibility, the built-in HTTP Basic handler should also send back a 401 response if the parameter is set and no other authentication handler sent back a request for credentials before hand.

      Attachments

        Activity

          People

            fmeschbe Felix Meschberger
            fmeschbe Felix Meschberger
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: