Integration test AuthRequestLoginTest.testForcedLogin fails after removing HTTP 
Authenticator bundle
----------------------------------------------------------------------------------------------------

                 Key: SLING-1656
                 URL: https://issues.apache.org/jira/browse/SLING-1656
             Project: Sling
          Issue Type: Bug
    Affects Versions: Commons Auth 1.0.0
            Reporter: Felix Meschberger
            Assignee: Felix Meschberger
             Fix For: Commons Auth 1.0.0


After removing the HTTP Authentication Handler from the build, an integration 
test fails because the HTTP Basic authentication handler built into the 
auth/core bundle does not request credentials.

The reason for this is that the old HTTP Authentication Handler checked the 
"sling:authRequestLogin" parameter and forced authentication by sending back a 
401 response whenever that parameter was set to any value but no (HTTP BASIC) 
credentials were present in the request.

The new HTTP Basic authentication handler built into the auth/core bundle only 
sends back the 401 response if the "sling:authRequestLogin" parameter is set to 
either "BASIC" or "1". The idea is that this parameter may not only be used to 
request being logged in but also to select a concrete authentication handler.

So, for backwards compatibility, the built-in HTTP Basic handler should also 
send back a 401 response if the parameter is set and no other authentication 
handler sent back a request for credentials beforehand.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
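
The three behaviours described in the issue (old handler, new built-in handler, proposed backwards-compatible fallback) compared side by side over constructed requests. This is an added example, not code from the Sling project: the class and method names are hypothetical, and it assumes an exact string match on the parameter value and that no 401 is sent when Basic credentials are already present.

```java
public class ForcedLoginDemo {

    // Old handler: any value of sling:authRequestLogin forces a 401
    // when the request carries no HTTP Basic credentials.
    static boolean oldHandler(String authRequestLogin, boolean hasBasicCredentials) {
        return authRequestLogin != null && !hasBasicCredentials;
    }

    // New built-in handler: only "BASIC" or "1" trigger the 401.
    // Assumption: exact match, and no challenge if credentials are present.
    static boolean newHandler(String authRequestLogin, boolean hasBasicCredentials) {
        return !hasBasicCredentials
                && ("BASIC".equals(authRequestLogin) || "1".equals(authRequestLogin));
    }

    // Proposed fallback: also send the 401 when the parameter is set to any
    // value and no other authentication handler already requested credentials.
    static boolean compatHandler(String authRequestLogin, boolean hasBasicCredentials,
            boolean otherHandlerChallenged) {
        if (newHandler(authRequestLogin, hasBasicCredentials)) {
            return true;
        }
        return authRequestLogin != null && !hasBasicCredentials && !otherHandlerChallenged;
    }

    public static void main(String[] args) {
        // Constructed cases: parameter value, Basic credentials present,
        // another handler already requested credentials.
        Object[][] cases = {
            { null,    false, false },  // parameter absent
            { "1",     false, false },
            { "BASIC", false, false },
            { "true",  false, false },  // arbitrary value, nobody else challenged
            { "FORM",  false, true  },  // hypothetical selector handled elsewhere
            { "true",  true,  false },  // credentials already sent
        };
        System.out.printf("%-7s %-6s %-6s | %-6s %-6s %-6s%n",
                "param", "creds", "other", "old", "new", "compat");
        for (Object[] c : cases) {
            String param = (String) c[0];
            boolean creds = (Boolean) c[1];
            boolean other = (Boolean) c[2];
            System.out.printf("%-7s %-6s %-6s | %-6s %-6s %-6s%n", param, creds, other,
                    oldHandler(param, creds), newHandler(param, creds),
                    compatHandler(param, creds, other));
        }
    }
}
```

The row with an arbitrary value and no other challenge is where the old and new handlers disagree, and where the fallback restores the 401.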
