Felix Meschberger wrote:
> Hi all,
>
> While working on some authentication handler stuff (integrating Eric's
> work and brushing up the OpenID handler), I started wondering, whether
> we should not integrate a bare HTTP Basic Authentication handler into
> the Sling Commons Auth bundle.
>
> By "bare" I mean, just support for sending 401 status back to the
> client, not thrilling form support or such. Very simple:
>
> - extractCredentials: reads Authentication header if existing
> - requestCredentials: sends 401 status
> - dropCredentials: does nothing or also sends 401 status
>
> This handler would not be registered as a service but directly known to
> the SlingAuthenticator class, which ensures this handler is always asked
> as a last resort.
>
> As a consequence we could fade out support for the existing httpauth
> bundle, since we would then have regular HTTP Basic auth in commons auth
> and form based support in the new cookieauth handler and of course even
> cooler stuff in the openid handler.
>
> WDYT ?

Sounds good to me. I guess this basic auth handler is still configurable by a path, so it would be possible to configure it for only parts of the content or disable it completely, right?

Carsten
--
Carsten Ziegeler
[email protected]
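
The three operations from the proposal above, sketched as an added example; this is not code from the thread or from Sling. The class `BareBasicAuth`, its method signatures and the realm string are hypothetical, and the sketch reads the standard HTTP `Authorization` request header without using the Sling Commons Auth API.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

/** Hypothetical stand-alone sketch; it does not use the Sling Commons Auth API. */
public class BareBasicAuth {
    record Credentials(String user, char[] password) {}

    /** extractCredentials: parse "Basic <base64(user:password)>"; empty if absent or malformed. */
    static Optional<Credentials> extractCredentials(String authorizationHeader) {
        if (authorizationHeader == null) return Optional.empty();
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        // The scheme name is matched case-insensitively.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return Optional.empty();
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid Base64: treat as "no credentials"
        }
        int colon = decoded.indexOf(':'); // only the first colon separates; a password may contain ':'
        if (colon <= 0) return Optional.empty(); // no separator, or empty user name
        return Optional.of(new Credentials(decoded.substring(0, colon),
                decoded.substring(colon + 1).toCharArray()));
    }

    /** requestCredentials (and optionally dropCredentials): status and header of the 401 challenge. */
    static Map<String, String> requestCredentials(String realm) {
        Map<String, String> response = new LinkedHashMap<>();
        response.put(":status", "401");
        // Escape backslash and quote so the realm cannot break out of the quoted-string.
        response.put("WWW-Authenticate",
                "Basic realm=\"" + realm.replace("\\", "\\\\").replace("\"", "\\\"") + "\"");
        return response;
    }

    public static void main(String[] args) {
        // Constructed sample header: scheme in lower case, password containing a colon.
        String header = "basic " + Base64.getEncoder()
                .encodeToString("admin:s3cr:et".getBytes(StandardCharsets.UTF_8));
        Credentials c = extractCredentials(header).orElseThrow();
        System.out.println(c.user() + " / " + new String(c.password()));
        System.out.println(extractCredentials("Basic !!!not-base64").isPresent());
        System.out.println(extractCredentials("Bearer abc").isPresent());
        System.out.println(requestCredentials("Sling (Development)")); // constructed realm
    }
}
```

Returning "no credentials" for a malformed or non-Basic header lets a last-resort handler fall through to the 401 challenge instead of failing the request.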
