Provide out-of-the-box HTTP Basic authentication handler in the Commons Auth
bundle
-----------------------------------------------------------------------------------
Key: SLING-1383
URL: https://issues.apache.org/jira/browse/SLING-1383
Project: Sling
Issue Type: Improvement
Components: Commons
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Commons Auth 1.0.0
As discussed in http://markmail.org/thread/kyy25qmfus66son3 the existing HTTP
Basic authentication handler should be merged into the Commons Auth bundle with
the following simplifications:
* Form support is dropped entirely
* extractCredentials will always be enabled to support pre-emptive
authentication (e.g. for HTTP Client applications)
* requestCredentials disabled by default, may be enabled by configuration
* dropCredentials disabled by defualt, may be configured to send 401 by
configuration
Note on Form support: I turns out, that form support is very complicated for
the Internet Explorer and Firefox class browsers and impossible to support for
WebKit class browsers like Chrome and Safari. So instead of further maintaining
a complicated codebase with lots of special cases, it is better to support the
basic case of simple HTTP Basic authentication out of the box and to do form
based authentication right (as with the Form Based Authenticationhandler).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
