On Tue, Feb 28, 2017 at 10:17 PM, John Logan wrote:
> ...The SlingAuthenticator.doLogin() method first
> calls AuthUtil.isBrowserRequest(), and if the return value is true, then
> calls AuthUtil.isAjaxRequest(). This method returns true if the following
> header is present:
>
> X-Requested-With:
On Tuesday, February 28, 2017 11:50 AM, John Logan
wrote:
> On Tuesday, February 28, 2017 6:33 AM, Bertrand Delacretaz
> wrote:
[snip]
> > AFAIK it's the AuthUtil.isBrowserRequest method [1] that makes this
> > decision.
[snip]
>
> I suppose that a minimally invasive approach would be to modi
Hi Bertrand,
Thanks for your response! I appreciate your help.
On Tuesday, February 28, 2017 6:33 AM, Bertrand Delacretaz
wrote:
> Hi John,
>
> On Mon, Feb 27, 2017 at 10:11 PM, John Logan wrote:
> > ...I receive 302 if the curl request includes the user agent, and
> > 401 otherwise
>
Hi John,
On Mon, Feb 27, 2017 at 10:11 PM, John Logan wrote:
> ...I receive 302 if the curl request includes the user agent, and
> 401 otherwise
AFAIK it's the AuthUtil.isBrowserRequest method [1] that makes this decision.
> I don't think this helps for browser AJAX requests, though...
Yo
One thing that I notice is that if I copy from the browser
debugger the curl equivalent of a request that returns 302,
and issue the curl command with and without the User-Agent
header:
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
Gecko/20100101 Firefox/52.0'
I receive
Hello!
I'm running into an issue where I've created a Sling servlet that
queries nodes and returns a JSON result. My web application uses
the form-based AuthenticationHandler to establish a session, and
then fetches the resource provided by my servlet.
This works fine until the session times out