[
https://issues.apache.org/jira/browse/SLING-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved SLING-1678.
--------------------------------------
Resolution: Fixed
Added support for a new configuration property "auth.http" to provide the
values in Rev. 988016 as described.
Added Metatype Service texts in Rev. 988019
> Built-in HTTP Authentication Handler always requesting credentials
> ------------------------------------------------------------------
>
> Key: SLING-1678
> URL: https://issues.apache.org/jira/browse/SLING-1678
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: Auth Core 1.0.0
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Auth Core 1.0.0
>
>
> The HTTP Authentication Handler built into the auth core module currently
> always sends back a 401 response if its requestCredentials method is called.
> There may be setups, though, where HTTP BASIC authentication must not be used
> at all. For such setups, it must be possible to shutdown the HTTP
> Authentication Handler.
> Thus the configuration of the HTTP Authentication Handler should be extended
> with an activity property with the following states:
> * Disabled - the HTTP Authentication Handler never returns credentials or
> sends a 401 response
> * Enabled - the HTTP Authentication Handler is fully operative returning
> existing credentials and sending 401 response in requestCredentials
> * Preemptive - the HTTP Authentication Handler returns credentials if
> present but does not set 401 response in the requestCredentials method
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
