[ https://issues.apache.org/jira/browse/SLING-1641?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1641. -------------------------------------- Resolution: Fixed Fixed in Rev. 984402 > HTTP Authenticator does not behave correctly > -------------------------------------------- > > Key: SLING-1641 > URL: https://issues.apache.org/jira/browse/SLING-1641 > Project: Sling > Issue Type: Bug > Components: Commons > Affects Versions: Commons Auth 1.0.0 > Reporter: Felix Meschberger > Assignee: Felix Meschberger > Fix For: Commons Auth 1.0.0 > > > The HTTP Authenticator included with the Commons Auth bundle currently does > not behave well with respect to logging out and requesting credentials: > (1) sling:authRequestLogin parameter > The sling:authRequestLogin parameter should be supported with both values > BASIC (for new mechanism) and 1 for backwards compatibility. Setting the > parameter should always cause a 401 response from the authentication handler > (2) sendUnauthorized > The method should not do anything (except logging) if called on a committed > response > (3) dropCredentials > The dropCredentials method should always send a 401 response if the > Authorization header is set in the response and the response has not been > committed yet. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.