Hi all, While working on some authentication handler stuff (integration Eric's work and brushing up the OpenID handler), I started wondering, whether we should not integrate a bare HTTP Basic Authentication handler into the Sling Commons Auth bundle.
By "bare" I mean, just support for sending 401 status back to the client, not thrilling form support or such. Very simple: - extractCredentials: reads Authentication header if existing - requestCredentials: sends 401 status - dropCredentials: does nothing or also sends 401 status This handler would not be registered as a service but directly known to the SlingAuthenticator class, which ensures this handler is always asked as a last resort. As a consequence we could fade out support for the existing httpauth bundle, since we would then have regular HTTP Basic auth in commons auth and form based support in the new cookieauth handler and of course even cooler stuff in the openid handler. WDYT ? Regards Felix
