[
https://issues.apache.org/jira/browse/SLING-1656?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-1656:
-------------------------------------
Component/s: Authentication
> Integration test AuthRequestLoginTest.testForcedLogin fails after removing
> HTTP Authenticator bundle
> ----------------------------------------------------------------------------------------------------
>
> Key: SLING-1656
> URL: https://issues.apache.org/jira/browse/SLING-1656
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Commons Auth 1.0.0
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Commons Auth 1.0.0
>
>
> After removing the HTTP Authentication Handler from the build an integration
> test fails because the HTTP Basic authentication handler built into the
> auth/core bundle does not request credentials.
> The reason for this is, that the old HTTP Authentication Handler checked the
> "sling:authRequestLogin" parameter and forced authentication by sending back
> a 401 response whenever that parameter was set to any value but no (HTTP
> BASIC) credentials were present in the request.
> The new HTTP Basic authentication handler built into the auth/core bundle
> only sends back the 401 response if the "sling:authRequestLogin" parameter is
> set to either "BASIC" or "1". The idea is, that this parameter may not only
> be used to request being logged in but also to select a concrete
> authentication handler.
> So, for backwards compatibility, the built-in HTTP Basic handler should also
> send back a 401 response if the parameter is set and no other authentication
> handler sent back a request for credentials before hand.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
