Hi Justin You're probably right. The topic came up in [1]. As for the browsers I would dare to say there are more problems than advantages with Basic Auth: - Some browsers pass credentials even on parent paths where credentials should not be sent. - Logout is mostly a problem If the client is not a browser it surely looks better. I don't know how much apps built on sling really use Basic Auth but I guess rather few. That's why I would change the default behavour and disable the Basic Auth.
WDYT? [1] https://issues.apache.org/jira/browse/SLING-1765 best regards mike > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Justin Edelson > Sent: Tuesday, October 05, 2010 3:33 AM > To: [email protected] > Subject: Re: svn commit: r1004345 - > /sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/i > mpl/SlingAuthenticator.java > > I think we should put this change up for a vote. It is a major > backwards compatibility issue and basically means that every tutorial > everyone has ever written about how to use Sling with curl will no > longer work OOTB, e.g. > http://sling.apache.org/site/discover-sling-in-15-minutes.html > > Justin > > On Mon, Oct 4, 2010 at 2:06 PM, <[email protected]> wrote: > > Author: mykee > > Date: Mon Oct 4 18:06:40 2010 > > New Revision: 1004345 > > > > URL: http://svn.apache.org/viewvc?rev=1004345&view=rev > > Log: > > SLING-1817 switch HTTP Basic Authentication completely off by default > > > > Modified: > > sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/cor > e/impl/SlingAuthenticator.java > > > > Modified: > sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/i > mpl/SlingAuthenticator.java > > URL: > http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java > /org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1004345&r1= > 1004344&r2=1004345&view=diff > > > ========================================================== > ==================== > > --- > sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/i > mpl/SlingAuthenticator.java (original) > > +++ > sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/i > mpl/SlingAuthenticator.java Mon Oct 4 18:06:40 2010 > > @@ -136,7 +136,7 @@ public class SlingAuthenticator implemen > > */ > > private static final String HTTP_AUTH_PREEMPTIVE = "preemptive"; > > > > - �...@property(value = HTTP_AUTH_PREEMPTIVE, options = { > > + �...@property(value = HTTP_AUTH_DISABLED, options = { > > @PropertyOption(name = HTTP_AUTH_ENABLED, value = "Enabled"), > > @PropertyOption(name = HTTP_AUTH_PREEMPTIVE, value = "Enabled > (Preemptive)"), > > @PropertyOption(name = HTTP_AUTH_DISABLED, value = "Disabled") > }) > > > > > >
