[ https://issues.apache.org/jira/browse/SLING-1134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12786885#action_12786885 ]

Peter Chiochetti commented on SLING-1134:
-----------------------------------------

I am happy with browser-based HTTP Auth and did not bother to test form-based 
login, as I do not have any cosmetic problems with the browser popup and I can 
live without knowing the user's password on the client side of my application. 
(Actually I consider this a feature.) So I immediately unchecked the 
"LoginForm" in "Apache Sling Authorization Header Authenticator" configuration. 
It also works well in Safari and Midori (another WebKit-based browser). If 
wrong credentials are given, they are asked for again and again. When the 
request gets cancelled, the message "HTTP ERROR 401 UNAUTHORIZED" is sent, as 
it is supposed to be. A page reload will then retrigger authentication. Here, 
accessing the system console always worked like that and still does, because it 
is a different "realm".

As WebKit browsers only send credentials for resources beneath the directory 
where authentication was requested first, it may well be that the login form 
hides in the favicon or some other resource that's included in the page and 
stems from somewhere else on the server host. The browser-based approach should 
display fine even then.

> GET for http://localhost:8080/ results in HTTP ERROR 200
> --------------------------------------------------------
>
>                 Key: SLING-1134
>                 URL: https://issues.apache.org/jira/browse/SLING-1134
>             Project: Sling
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: Extensions httpauth 2.0.4
>         Environment: Mac OS X 10.6.1, java version "1.6.0_15"
> Firefox (3.5.3)
>            Reporter: Andreas Amstutz
>            Assignee: Felix Meschberger
>             Fix For: Extensions httpauth 2.0.6
>
>         Attachments: error.log, sling.diff
>
>
> A GET for http://localhost:8080/ results in HTTP ERROR 200
> Steps to reproduce this:
> 1) svn checkout http://svn.apache.org/repos/asf/sling/trunk Sling
> 2) mvn -s /dev/null install                 (I had to apply the attached 
> sling.diff for this to be successful)
> 3) cd launchpad/app/
> 4) java -jar target/org.apache.sling.launchpad.app-6-SNAPSHOT.jar -c sling
> 5) http://localhost:8080/system/console
> 6) set "Allow Anonymous Access" to false 
> (org.apache.sling.engine.impl.auth.SlingAuthenticator) 
> 7) go to http://localhost:8080/
> Result:
> - The log says: org.apache.sling.engine.impl.auth.SlingAuthenticator 
> getAnonymousSession: Anonymous access not allowed by configuration - 
> redirecting to login
> - Firefox: HTTP ERROR 200 , Problem accessing /. Reason: OK
> There is also quite a lot of noise in the error.log:
> *WARN* [SCR Component Actor] 
> org.apache.sling.jcr.jackrabbit.server.impl.security.PluggableDefaultAccessManager
>  No pluggable AccessManager available, falling back to DefaultAccessManager

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.