Built-in HTTP Authentication Handler always requesting credentials
------------------------------------------------------------------
Key: SLING-1678
URL: https://issues.apache.org/jira/browse/SLING-1678
Project: Sling
Issue Type: Improvement
Components: Authentication
Affects Versions: Auth Core 1.0.0
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Auth Core 1.0.0
The HTTP Authentication Handler built into the auth core module currently
always sends back a 401 response if its requestCredentials method is called.
There may be setups, though, where HTTP BASIC authentication must not be used
at all. For such setups, it must be possible to shutdown the HTTP
Authentication Handler.
Thus the configuration of the HTTP Authentication Handler should be extended
with an activity property with the following states:
* Disabled - the HTTP Authentication Handler never returns credentials or
sends a 401 response
* Enabled - the HTTP Authentication Handler is fully operative returning
existing credentials and sending 401 response in requestCredentials
* Preemptive - the HTTP Authentication Handler returns credentials if
present but does not set 401 response in the requestCredentials method
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
