[httpauth] Providing illegal credentials is not properly reported
-----------------------------------------------------------------
Key: SLING-1220
URL: https://issues.apache.org/jira/browse/SLING-1220
Project: Sling
Issue Type: Bug
Components: Extensions
Affects Versions: Extensions httpauth 2.0.4
Reporter: Felix Meschberger
Fix For: Extensions httpauth 2.0.6

When providing illegal credentials in the login form, the form is silently
redrawn without any indication as to what the problem is.

The cause is the cooperation between the login form and the HTTP Header
Authentication handler: the login form provides a parameter for the handler to
identify the request as coming from the login form as an Ajax request.

If this parameter is set when the requestAuthentication method is called, the
response should be indicative of the login failure, and the client-side script
should identify this failure and display a message.

The mechanism to convey this problem is sending a 403/FORBIDDEN status, which
may be caught by the client-side script, which then displays the message. We do
not use a 401/UNAUTHORIZED in this case, because this is caught by the browser,
causing the browser to display the standard login box.
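
The 403-versus-401 exchange described in the issue, modelled as an added example (not code from the Sling project or from the reporter). The parameter name `from_login_form`, the realm, the message texts and all function names other than `requestAuthentication` are assumptions made for illustration.

```javascript
// Hypothetical marker parameter; the issue does not name the real one.
const LOGIN_FORM_PARAM = "from_login_form";

// Server side: response chosen when authentication is required or has failed.
function requestAuthentication(params) {
  if (Object.prototype.hasOwnProperty.call(params, LOGIN_FORM_PARAM)) {
    // Request came from the login form script: report the failure with 403
    // and no challenge header, so the browser passes it on to the script.
    return { status: 403, headers: {} };
  }
  // Any other request gets the standard HTTP authentication challenge.
  return { status: 401, headers: { "WWW-Authenticate": 'Basic realm="example"' } };
}

// Server side: credentialsValid stands in for the real credential check.
function handleRequest(params, credentialsValid) {
  return credentialsValid ? { status: 200, headers: {} } : requestAuthentication(params);
}

// Browser model: a 401 carrying a challenge is answered by the browser's own
// login box, so the page script never gets to react to it.
function browserDeliver(response) {
  const challenged = response.status === 401 && "WWW-Authenticate" in response.headers;
  return challenged
    ? { nativeDialog: true, seenByScript: null }
    : { nativeDialog: false, seenByScript: response };
}

// Client-side script: turn the status it receives into a message for the form.
function loginFormMessage(delivery) {
  if (delivery.seenByScript === null) return null; // browser took over
  const status = delivery.seenByScript.status;
  if (status === 403) return "Login failed: user name or password not accepted.";
  if (status >= 200 && status < 300) return ""; // success, nothing to report
  return "Login could not be completed (HTTP " + status + ").";
}

// One full round trip: form submit -> handler -> browser -> script.
function submitLogin(params, credentialsValid) {
  const delivery = browserDeliver(handleRequest(params, credentialsValid));
  return { nativeDialog: delivery.nativeDialog, message: loginFormMessage(delivery) };
}
```
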