[ https://issues.apache.org/jira/browse/SLING-1656?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger updated SLING-1656: ------------------------------------- Component/s: Authentication > Integration test AuthRequestLoginTest.testForcedLogin fails after removing > HTTP Authenticator bundle > ---------------------------------------------------------------------------------------------------- > > Key: SLING-1656 > URL: https://issues.apache.org/jira/browse/SLING-1656 > Project: Sling > Issue Type: Bug > Components: Authentication > Affects Versions: Commons Auth 1.0.0 > Reporter: Felix Meschberger > Assignee: Felix Meschberger > Fix For: Commons Auth 1.0.0 > > > After removing the HTTP Authentication Handler from the build an integration > test fails because the HTTP Basic authentication handler built into the > auth/core bundle does not request credentials. > The reason for this is, that the old HTTP Authentication Handler checked the > "sling:authRequestLogin" parameter and forced authentication by sending back > a 401 response whenever that parameter was set to any value but no (HTTP > BASIC) credentials were present in the request. > The new HTTP Basic authentication handler built into the auth/core bundle > only sends back the 401 response if the "sling:authRequestLogin" parameter is > set to either "BASIC" or "1". The idea is, that this parameter may not only > be used to request being logged in but also to select a concrete > authentication handler. > So, for backwards compatibility, the built-in HTTP Basic handler should also > send back a 401 response if the parameter is set and no other authentication > handler sent back a request for credentials before hand. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.