Antonio Sanso created SLING-4785:
------------------------------------
Summary: sling.auth.requirements is ignored on expired credentials
Key: SLING-4785
URL: https://issues.apache.org/jira/browse/SLING-4785
Project: Sling
Issue Type: Bug
Components: Authentication
Reporter: Antonio Sanso
Let's assume the following scenario:
A sling application has an sling.auth.requirements that contains
{{-/content/noauthenticationrequired.html}}
An user obtained a valid sling credentials that last 1 hour. The credentials is
e.g. a token stored in the cookie.
If the user try to hit {{localhost:8080/content/noauthenticationrequired.html}}
with the expired crendentials (e.g. 2 hours after the authentication} the login
page is shown.
Expected behavior is instead the resource
{{/content/noauthenticationrequired.html}} should be displayed.
Patch to follow
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
