HTTP Authenticator does not behave correctly
--------------------------------------------
Key: SLING-1641
URL: https://issues.apache.org/jira/browse/SLING-1641
Project: Sling
Issue Type: Bug
Components: Commons
Affects Versions: Commons Auth 1.0.0
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Commons Auth 1.0.0
The HTTP Authenticator included with the Commons Auth bundle currently does not
behave well with respect to logging out and requesting credentials:
(1) sling:authRequestLogin parameter
The sling:authRequestLogin parameter should be supported with both values BASIC
(for new mechanism) and 1 for backwards compatibility. Setting the parameter
should always cause a 401 response from the authentication handler.
(2) sendUnauthorized
The method should not do anything (except logging) if called on a committed
response.
(3) dropCredentials
The dropCredentials method should always send a 401 response if the
Authorization header is set in the response and the response has not been
committed yet.
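
The three behaviours requested above, as an added sketch that is not part of the issue and not Sling's own code. Req, Resp, requestLogin and the realm value are hypothetical stand-ins so the example runs on a plain JDK (16+). It assumes the Authorization header is read from the incoming request.

```java
import java.util.HashMap;
import java.util.Map;

// Added sketch, not Sling's code. Req and Resp are hypothetical stand-ins
// for the servlet request/response so the example runs without a container.
public class HttpAuthSketch {
    record Req(Map<String, String> params, Map<String, String> headers) {}

    static class Resp {
        int status = 200;
        boolean committed;
        final Map<String, String> headers = new HashMap<>();
    }

    static final String REQUEST_LOGIN = "sling:authRequestLogin";

    // (2) On a committed response only log; otherwise send the Basic challenge.
    static boolean sendUnauthorized(Resp resp) {
        if (resp.committed) {
            System.err.println("response already committed, cannot send 401");
            return false;
        }
        resp.status = 401;
        resp.headers.put("WWW-Authenticate", "Basic realm=\"example\""); // constructed realm
        resp.committed = true; // the challenge has been flushed to the client
        return true;
    }

    // (1) Both "BASIC" and the legacy value "1" force a 401.
    static boolean requestLogin(Req req, Resp resp) {
        String v = req.params().get(REQUEST_LOGIN);
        return ("BASIC".equals(v) || "1".equals(v)) && sendUnauthorized(resp);
    }

    // (3) Send 401 only when an Authorization header is present (assumed to be
    // on the request); the committed check is inherited from sendUnauthorized.
    static boolean dropCredentials(Req req, Resp resp) {
        return req.headers().get("Authorization") != null && sendUnauthorized(resp);
    }

    public static void main(String[] args) {
        Resp fresh = new Resp();
        Req legacy = new Req(Map.of(REQUEST_LOGIN, "1"), Map.of());
        System.out.println(requestLogin(legacy, fresh) + " " + fresh.status);

        Resp done = new Resp();
        done.committed = true; // constructed case: body already sent
        Req withCreds = new Req(Map.of(), Map.of("Authorization", "Basic placeholder"));
        System.out.println(dropCredentials(withCreds, done) + " " + done.status);
    }
}
```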