[ https://issues.apache.org/jira/browse/SLING-1220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger reassigned SLING-1220:
----------------------------------------
Assignee: Felix Meschberger
> [httpauth] Providing illegal credentials is not properly reported
> -----------------------------------------------------------------
>
> Key: SLING-1220
> URL: https://issues.apache.org/jira/browse/SLING-1220
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Extensions httpauth 2.0.4
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Extensions httpauth 2.0.6
>
>
> When providing illegal credentials in the login form, the form is silently
> redrawn without any indication as to what the problem is.
> The cause is the cooperation with the login form and the HTTP Header
> Authentication handler: The login form provides a parameter for the handler
> to identify the request as coming from the login form as an Ajax request.
> If this parameter is set when the requestAuthentication method is called, the
> response should be indicative of the login failure. And the client-side
> script should identify this failure and display a message.
> The mechanism to convey this problem is sending a 403/FORBIDDEN status, which
> may be caught by the client-side script to display the message. We do not
> use a 401/UNAUTHORIZED in this case, because this is caught by the browser
> causing the browser to display the standard login box.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.