Actually, currently in the HTTP Basic AuthHandler in the authenticate()
method, the code looks for a request parameter 'sling:authRequestLogin'
(value doesn't matter). If it finds it, the handler actually calls the
requestAuthentication() method on itself. So you can force at the HTTP
Auth login box to be displayed by just appending that param to your
intended target URL. If you've already authenticated via HTTP BASIC,
the request passes through directly to the target resource.
Could this perhaps be generalized somehow? Perhaps moved into the
SlingAuthenticator?
Felix Meschberger wrote:
Hi Douglas,
Douglas José schrieb:
Hi Felix,
First of all, many thanks for your suggestions. Now I understand better how
Sling behaves, but I still have some unclear points:
- How can I create an authenticated request?
It seems like you stumbled up an issue, which has not been handled yet ;-)
Internally we have an API to request authentication for a request. This
functionality selects the appropriate authentication handler for the
request (according to the requested resource), which in turn then acts
correctly, be it by just sending a 401/UNAUTHORIZED reply or by
presenting a login form.
Unfortunately this API cannot be triggered from the outside.
