Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-1678

Built-in HTTP Authentication Handler always requesting credentials

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Auth Core 1.0.0
    • Auth Core 1.0.0
    • Authentication
    • None

    Description

      The HTTP Authentication Handler built into the auth core module currently always sends back a 401 response if its requestCredentials method is called. There may be setups, though, where HTTP BASIC authentication must not be used at all. For such setups, it must be possible to shutdown the HTTP Authentication Handler.

      Thus the configuration of the HTTP Authentication Handler should be extended with an activity property with the following states:

      • Disabled - the HTTP Authentication Handler never returns credentials or sends a 401 response
      • Enabled - the HTTP Authentication Handler is fully operative returning existing credentials and sending 401 response in requestCredentials
      • Preemptive - the HTTP Authentication Handler returns credentials if present but does not set 401 response in the requestCredentials method

      Attachments

        Activity

          People

            fmeschbe Felix Meschberger
            fmeschbe Felix Meschberger
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: