[
https://issues.apache.org/jira/browse/SLING-1383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger closed SLING-1383.
------------------------------------
Close after release
> Provide out-of-the-box HTTP Basic authentication handler in the Commons Auth
> bundle
> -----------------------------------------------------------------------------------
>
> Key: SLING-1383
> URL: https://issues.apache.org/jira/browse/SLING-1383
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Reporter: Felix Meschberger
> Assignee: Carsten Ziegeler
> Fix For: Auth Core 1.0.0
>
> Attachments: SLING-1383.patch
>
>
> As discussed in http://markmail.org/thread/kyy25qmfus66son3 the existing HTTP
> Basic authentication handler should be merged into the Commons Auth bundle
> with the following simplifications:
> * Form support is dropped entirely
> * extractCredentials will always be enabled to support pre-emptive
> authentication (e.g. for HTTP Client applications)
> * requestCredentials disabled by default, may be enabled by configuration
> * dropCredentials disabled by defualt, may be configured to send 401 by
> configuration
> Note on Form support: I turns out, that form support is very complicated for
> the Internet Explorer and Firefox class browsers and impossible to support
> for WebKit class browsers like Chrome and Safari. So instead of further
> maintaining a complicated codebase with lots of special cases, it is better
> to support the basic case of simple HTTP Basic authentication out of the box
> and to do form based authentication right (as with the Form Based
> Authenticationhandler).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
