Posted to commits@sling.apache.org by fm...@apache.org on 2010/10/12 09:09:16 UTC
svn commit: r1021641 - in /sling/trunk:
bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/
launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/
Author: fmeschbe
Date: Tue Oct 12 07:09:15 2010
New Revision: 1021641
URL: http://svn.apache.org/viewvc?rev=1021641&view=rev
Log:
SLING-1831 Try to send 401/UNAUTHORIZED instead of 403/FORBIDDEN if a loop is detected
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1021641&r1=1021640&r2=1021641&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Tue Oct 12 07:09:15 2010
@@ -940,9 +940,10 @@ public class SlingAuthenticator implemen
HttpServletResponse response) {
if (!AbstractAuthenticationHandler.isValidateRequest(request)) {
- if (isBrowserRequest(request)) {
- if (!isAjaxRequest(request) && !isLoginLoop(request)) {
+ if (isBrowserRequest(request) && !isLoginLoop(request)) {
+
+ if (!isAjaxRequest(request)) {
try {
login(request, response);
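Review bot: With `!isLoginLoop(request)` moved into the outer condition, an Ajax request that is flagged as a login loop no longer enters this branch at all; if the `else` holding the HTTP Basic challenge (second hunk) belongs to this outer `if`, as it appears to, such a request now gets `sendUnauthorized` instead of the 403 it got before. A 401 with a Basic challenge on an XHR usually makes the browser show its native credential dialog, which the separate `isAjaxRequest` check seems meant to avoid. If that is not intended, keep Ajax out of the challenge, e.g. `if (httpBasicHandler != null && !isAjaxRequest(request)) {` in the second hunk, and add a test that sends both `X-Requested-With` and a looping `Referer`. The method starts and ends outside the hunk, so the branch structure is inferred.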
@@ -972,6 +973,8 @@ public class SlingAuthenticator implemen
// enabled for preemptive credential support, we just request
// HTTP Basic credentials. Otherwise (HTTP Basic is fully
// switched off, 403 is sent back)
+ // we also do this in case of a redirect loop upon login
+ // (see SLING-1831 for details)
if (httpBasicHandler != null) {
httpBasicHandler.sendUnauthorized(response);
return;
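Review bot: The added comment says "we also do this" without stating what changes for the client: a browser caught in a login loop now receives an HTTP Basic challenge whenever `httpBasicHandler` is non-null, which per the lines above includes setups where Basic is enabled only for preemptive credentials. I would spell that out, e.g. `// A detected login redirect loop also lands here, so a browser may get a Basic challenge even when Basic is enabled only for preemptive credentials (SLING-1831)`. Judging by the test in this commit, the loop signal is derived from the `Referer` header, which the client controls, so the comment should not suggest that only misconfigured setups reach this branch. The comment block starts outside the hunk.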
Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java?rev=1021641&r1=1021640&r2=1021641&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java (original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.java Tue Oct 12 07:09:15 2010
@@ -112,8 +112,7 @@ public class AuthenticationResponseCodeT
get.setRequestHeader("Referer", requestUrl);
get.setRequestHeader("Accept", "text/*"); // simulate a browser request
int status = httpClient.executeMethod(get);
- assertEquals(HttpServletResponse.SC_FORBIDDEN, status);
- assertXReason(get);
+ assertEquals(HttpServletResponse.SC_UNAUTHORIZED, status);
}
public void testXRequestedWithIncorrectCredentials() throws Exception {
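Review bot: After dropping `assertXReason(get)` the test checks only the status code, so it would also pass for a 401 that carries no challenge. Since the new behaviour is the Basic challenge, assert it as well: `assertNotNull(get.getResponseHeader("WWW-Authenticate"));`. The expected 401 also depends on HTTP Basic being available in the test instance (otherwise, per the comment in SlingAuthenticator, a 403 is sent), which deserves a one-line comment above the assertion. The test method starts outside the hunk.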