[SLING-1678] Built-in HTTP Authentication Handler always requesting credentials - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Auth Core 1.0.0
Fix Version/s: Auth Core 1.0.0
Component/s: Authentication
Labels:
None

Description

The HTTP Authentication Handler built into the auth core module currently always sends back a 401 response if its requestCredentials method is called. There may be setups, though, where HTTP BASIC authentication must not be used at all. For such setups, it must be possible to shutdown the HTTP Authentication Handler.

Thus the configuration of the HTTP Authentication Handler should be extended with an activity property with the following states:

Disabled - the HTTP Authentication Handler never returns credentials or sends a 401 response
Enabled - the HTTP Authentication Handler is fully operative returning existing credentials and sending 401 response in requestCredentials
Preemptive - the HTTP Authentication Handler returns credentials if present but does not set 401 response in the requestCredentials method

Attachments

Activity

People

Assignee:: Felix Meschberger

Reporter:: Felix Meschberger

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 23/Aug/10 05:02

Updated:: 27/Aug/10 08:50

Resolved:: 23/Aug/10 07:51