[
https://issues.apache.org/jira/browse/SLING-1641?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger closed SLING-1641.
------------------------------------
Close after release
> HTTP Authenticator does not behave correctly
> --------------------------------------------
>
> Key: SLING-1641
> URL: https://issues.apache.org/jira/browse/SLING-1641
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.0.0
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Auth Core 1.0.0
>
>
> The HTTP Authenticator included with the Commons Auth bundle currently does
> not behave well with respect to logging out and requesting credentials:
> (1) sling:authRequestLogin parameter
> The sling:authRequestLogin parameter should be supported with both values
> BASIC (for new mechanism) and 1 for backwards compatibility. Setting the
> parameter should always cause a 401 response from the authentication handler
> (2) sendUnauthorized
> The method should not do anything (except logging) if called on a committed
> response
> (3) dropCredentials
> The dropCredentials method should always send a 401 response if the
> Authorization header is set in the response and the response has not been
> committed yet.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
