Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
Auth Core 1.0.0
-
None
Description
After removing the HTTP Authentication Handler from the build an integration test fails because the HTTP Basic authentication handler built into the auth/core bundle does not request credentials.
The reason for this is, that the old HTTP Authentication Handler checked the "sling:authRequestLogin" parameter and forced authentication by sending back a 401 response whenever that parameter was set to any value but no (HTTP BASIC) credentials were present in the request.
The new HTTP Basic authentication handler built into the auth/core bundle only sends back the 401 response if the "sling:authRequestLogin" parameter is set to either "BASIC" or "1". The idea is, that this parameter may not only be used to request being logged in but also to select a concrete authentication handler.
So, for backwards compatibility, the built-in HTTP Basic handler should also send back a 401 response if the parameter is set and no other authentication handler sent back a request for credentials before hand.