[
https://issues.apache.org/jira/browse/SLING-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914622#action_12914622
]
Felix Meschberger commented on SLING-1428:
------------------------------------------
Committed a generalized version of the functionality in Rev. 1001053.
Now, the j_validate request parameter is supported by the SlingAuthenticator as
follows:
* If authentication succeeds, the request is terminated immediately with
200/OK (after calling the optional feedback handler)
* If authentication fails, the request is terminated immediately with
403/FORBIDDEN (after calling the optional feedback handler)
* If the extractCredentials method returns AUTH_FAIL and j_validate is set,
the request is also terminated with 403/FORBIDDEN
(without calling any feedback handler)
> Failed Form Auth via AJAX Does not Return Status 403
> ----------------------------------------------------
>
> Key: SLING-1428
> URL: https://issues.apache.org/jira/browse/SLING-1428
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Form Based Authentication 1.0.0
> Reporter: Jason Rose
> Assignee: Felix Meschberger
> Fix For: Form Based Authentication 1.0.2, Auth Core 1.0.4
>
>
> Posting:
> j_username=<some gibberish>
> j_password=<some gibberish>
> j_validate=true
> Returns status 200 and the HTML for the auth page. Looking at the
> sessionInfo.json shows me that I'm authenticated as anonymous, as intended,
> but the docs say I should have received a status code 403.
> Authenticating as a known user does indeed work as intended.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
