[ https://issues.apache.org/jira/browse/SLING-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1678. -------------------------------------- Resolution: Fixed Added support for a new configuration property "auth.http" to provide the values in Rev. 988016 as described. Added Metatype Service texts in Rev. 988019 > Built-in HTTP Authentication Handler always requesting credentials > ------------------------------------------------------------------ > > Key: SLING-1678 > URL: https://issues.apache.org/jira/browse/SLING-1678 > Project: Sling > Issue Type: Improvement > Components: Authentication > Affects Versions: Auth Core 1.0.0 > Reporter: Felix Meschberger > Assignee: Felix Meschberger > Fix For: Auth Core 1.0.0 > > > The HTTP Authentication Handler built into the auth core module currently > always sends back a 401 response if its requestCredentials method is called. > There may be setups, though, where HTTP BASIC authentication must not be used > at all. For such setups, it must be possible to shutdown the HTTP > Authentication Handler. > Thus the configuration of the HTTP Authentication Handler should be extended > with an activity property with the following states: > * Disabled - the HTTP Authentication Handler never returns credentials or > sends a 401 response > * Enabled - the HTTP Authentication Handler is fully operative returning > existing credentials and sending 401 response in requestCredentials > * Preemptive - the HTTP Authentication Handler returns credentials if > present but does not set 401 response in the requestCredentials method -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.