[jira] [Commented] (SLING-10290) Every request renews sling.formauth token

Sat, 22 May 2021 12:01:19 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-10290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17349814#comment-17349814
 ] 

Eric Norman commented on SLING-10290:
-------------------------------------

[~olli] Yes, I was already aware of the @Inject technique as you may see that I 
used it for getting a reference to the ConfigurationAdmin service.

However, I think I still prefer the HC approach since it is closer to a real 
world setup where the 
org.apache.felix.hc.core.impl.filter.ServiceUnavailableFilter uses the HC 
components to tell if the server is ready to service http requests.  The HC 
technique is extensible for more conditions than just service availability and 
to me that usage makes the test code more readable.  Also, I'm not a big fan of 
injecting services that I have no intention of using directly.

> Every request renews sling.formauth token
> -----------------------------------------
>
>                 Key: SLING-10290
>                 URL: https://issues.apache.org/jira/browse/SLING-10290
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Form Based Authentication 1.0.20
>            Reporter: Cris Rockwell
>            Assignee: Eric Norman
>            Priority: Critical
>             Fix For: Form Based Authentication 1.0.22
>
>         Attachments: image-2021-04-09-14-19-17-509.png
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> When using Apache Sling Form Based Authentication Handler
> Every request and subrequest sets a new value for `sling.formauth`
> Analyzing the code indicates that it not the intended behavior,
> and the cookie value of `sling.formauth` should be consistent for 30 minutes 
> according to the default value of form.auth.timeout
> Debugging shows that the method 
> [getCookieAuthData|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java#L514-L519]
>  always returns null.... AuthenticationInfo properties are 
> user.jcr.credentials, sling.authType and user.name.  But this is not a 
> property called sling.formauth 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to