[ https://issues.apache.org/jira/browse/SLING-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914388#action_12914388 ]
Felix Meschberger commented on SLING-1428:
------------------------------------------
Reconsidering this, I think the "j_validate" functionality would be a nice
functionality to be added to the Sling Authenticator for use by all
authentication handlers.
So here is my proposal for handling the j_validate request parameter:
* If extractCredentials returns AUTH_FAIL and j_validate is set, a 403 is
  returned with the X-Reason header
* During getResolver:
  - if resolver is acquired: call feedback handler and return 200
  - if resolver not acquired: call feedback handler and return 403 with
    X-Reason header
> Failed Form Auth via AJAX Does not Return Status 403
> ----------------------------------------------------
>
> Key: SLING-1428
> URL: https://issues.apache.org/jira/browse/SLING-1428
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Form Based Authentication 1.0.0
> Reporter: Jason Rose
> Assignee: Felix Meschberger
> Fix For: Form Based Authentication 1.0.2, Auth Core 1.0.4
>
>
> Posting:
> j_username=<some gibberish>
> j_password=<some gibberish>
> j_validate=true
> Returns status 200 and the HTML for the auth page. Looking at the
> sessionInfo.json shows me that I'm authenticated as anonymous, as intended,
> but the docs say I should have received a status code 403.
> Authenticating as a known user does indeed work as intended.
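
Added example, not part of the original message or of Sling's code: a client-side sketch of how an AJAX caller could interpret a j_validate response under the proposal above, failing closed on the status 200 plus login page behaviour described in the report. The function names, the lower-cased header object and the "login form contains a j_password field" heuristic are assumptions made for illustration.

```javascript
// Added example. Only j_username, j_password, j_validate, the 200/403
// status codes and the X-Reason header come from the issue text.

// Build the form-encoded body for a credential validation request.
function buildValidateBody(username, password) {
  const params = new URLSearchParams();
  params.set('j_username', username);
  params.set('j_password', password);
  params.set('j_validate', 'true');
  return params.toString();
}

// Classify a validation response.
// `headers` is assumed to be a plain object with lower-cased header names.
function classifyValidateResponse(status, headers, body) {
  const reason = (headers && headers['x-reason']) || null;

  if (status === 403) {
    // Proposed behaviour: failed validation is a 403 carrying X-Reason.
    return { ok: false, reason: reason || 'no X-Reason header supplied' };
  }
  if (status === 200) {
    // Reported behaviour of the affected version: bad credentials still
    // produce 200 with the HTML of the auth page. Assumption: that page
    // contains a j_password form field, so its presence means "not validated".
    if (/j_password/i.test(body || '')) {
      return { ok: false, reason: 'status 200 with login form returned' };
    }
    return { ok: true, reason: null };
  }
  // Anything else (redirects, server errors) is never treated as success.
  return { ok: false, reason: 'unexpected status ' + status };
}

// Constructed sample responses (not captured from a real server).
const SAMPLE_RESPONSES = [
  { status: 200, headers: {}, body: '' },
  { status: 403, headers: { 'x-reason': 'constructed failure reason' }, body: '' },
  { status: 200, headers: {}, body: '<form><input name="j_password"></form>' },
];

function classifySamples() {
  return SAMPLE_RESPONSES.map(
    (r) => classifyValidateResponse(r.status, r.headers, r.body).ok
  );
}
```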