Posted to commits@sling.apache.org by fm...@apache.org on 2011/12/15 15:46:28 UTC
svn commit: r1214791 -
/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
Author: fmeschbe
Date: Thu Dec 15 14:46:27 2011
New Revision: 1214791
URL: http://svn.apache.org/viewvc?rev=1214791&view=rev
Log:
SLING-2329 Fix loop prevention
- credential validations must not be replied to with a 401 (403 is expected here)
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java?rev=1214791&r1=1214790&r2=1214791&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java Thu Dec 15 14:46:27 2011
@@ -169,11 +169,18 @@ class HttpBasicAuthenticationHandler ext
* The assumption of this method unconditionally sending back the
* 401/UNAUTHORIZED response is that this method here is only called if the
* request actually provided invalid HTTP Basic credentials.
+ * <p>
+ * If the request is a
+ * {@link AuthUtil#isValidateRequest(HttpServletRequest) validation request}
+ * this method actually does nothing to allow for the expected 403/FORBIDDEN
+ * response to be sent.
*/
@Override
public void authenticationFailed(HttpServletRequest request, HttpServletResponse response,
AuthenticationInfo authInfo) {
- sendUnauthorized(response);
+ if (!AuthUtil.isValidateRequest(request)) {
+ sendUnauthorized(response);
+ }
}
/**
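Review bot: The Javadoc above `authenticationFailed` still opens with "The assumption of this method unconditionally sending back the 401/UNAUTHORIZED response", which the new `if (!AuthUtil.isValidateRequest(request))` guard contradicts. That paragraph starts outside the hunk and should be reworded to something like "sending back the 401/UNAUTHORIZED response for non-validation requests". In the validation branch the method now writes nothing, so a failed credential check gets a status only if the caller sends the 403, and that caller is not visible here. Since `isValidateRequest` is decided from the request itself, the client chooses which branch runs, so it is worth confirming that the caller always commits the 403 on this path. A short why-comment inside the `if` would record the contract, for example `// validation requests: the caller sends 403; a 401 here would restart the Basic auth challenge`.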