The /system/sling/login works perfectly fine as long as I am entering
the credentials correctly, but when I give wrong credentials, eg. by a
typing error, I get a page that leaves the user wondering - it says:
HTTP ERROR 200
Problem accessing /system/sling/login. Reason:
OK
Powered by Jetty://
That response page is sent with http status code 200 instead of code
401. The browser therefore cannot know that authorization has been
refused. All subsequent requests for any resource will display the same
page. To get a new chance to enter credentials correctly the user has to
restart the browser (closing all open windows/tabs).
The server runs a current trunk svn snapshot launchpad jar. In config
manager "Apache Sling Request Authenticator" I unchecked "Allow
Anonymous Access". Observed both with firefox 3.5 and IE 8.
Please advise how to get the usual behaviour: let the browser redisplay
the login prompt until successful or display a message describing the
failure when the user cancels the prompt. I think using status 401 for
the message should do both.
--
peter
