You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Bertrand Delacretaz (Created) (JIRA)" <ji...@apache.org> on 2012/03/20 17:59:38 UTC
[jira] [Created] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
--------------------------------------------------------------------------------------
Key: SLING-2443
URL: https://issues.apache.org/jira/browse/SLING-2443
Project: Sling
Issue Type: Bug
Components: Servlets
Reporter: Bertrand Delacretaz
Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
$ curl -D - -X OPTIONS http://localhost:8080/
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
Content-Type: ...
But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Bertrand Delacretaz (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bertrand Delacretaz updated SLING-2443:
---------------------------------------
Fix Version/s: JCR Webdav 2.1.2
Fixed in revision 1308347
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
> Assignee: Bertrand Delacretaz
> Fix For: JCR Webdav 2.1.2
>
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Bertrand Delacretaz (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13234392#comment-13234392 ]
Bertrand Delacretaz commented on SLING-2443:
--------------------------------------------
I agree about the reset in general, but the following pattern seems reasonable to me:
// Sling servlet is in trouble
response.setHeader("X-something-specific", "some useful value")
response.sendError(...)
And if you do this in a Sling servlet now that won't work...maybe we should preserve the headers instead of resetting everything?
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Felix Meschberger (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13237784#comment-13237784 ]
Felix Meschberger commented on SLING-2443:
------------------------------------------
> That response.reset() call was not present in 2.1.0
For completeness: This came in with SLING-1842
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (SLING-2443) Missing WWW-Authenticate
header on OPTIONS request with trunk servlets.resolver bundle
Posted by "Felix Meschberger (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233558#comment-13233558 ]
Felix Meschberger edited comment on SLING-2443 at 3/20/12 5:03 PM:
-------------------------------------------------------------------
Hmm, somehow it sounds wrong that 401 response to ask for authentication go through error handling scripts ...
Rather 401 request for HTTP Basic authentication should do:
setStatus
setHeader(WWW-Authenticate)
flush
was (Author: fmeschbe):
Hmm, somehow it sounds wrong that 401 response to ask for authentication go through error handling scripts ...
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Felix Meschberger (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233558#comment-13233558 ]
Felix Meschberger commented on SLING-2443:
------------------------------------------
Hmm, somehow it sounds wrong that 401 response to ask for authentication go through error handling scripts ...
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (SLING-2443) Missing WWW-Authenticate
header on OPTIONS request with trunk servlets.resolver bundle
Posted by "Bertrand Delacretaz (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13244177#comment-13244177 ]
Bertrand Delacretaz edited comment on SLING-2443 at 4/2/12 1:31 PM:
--------------------------------------------------------------------
Fixed in revision 1308347 by overriding sendUnauthorized(...) to use setStatus instead of sendError
was (Author: bdelacretaz):
Fixed in revision 1308347
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
> Assignee: Bertrand Delacretaz
> Fix For: JCR Webdav 2.1.2
>
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Bertrand Delacretaz (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bertrand Delacretaz resolved SLING-2443.
----------------------------------------
Resolution: Fixed
Fixed in revision 1308347
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
> Assignee: Bertrand Delacretaz
> Fix For: JCR Webdav 2.1.2
>
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Bertrand Delacretaz (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bertrand Delacretaz reassigned SLING-2443:
------------------------------------------
Assignee: Bertrand Delacretaz
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
> Assignee: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Bertrand Delacretaz (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233562#comment-13233562 ]
Bertrand Delacretaz commented on SLING-2443:
--------------------------------------------
IIUC it's jackrabbit's AbstractWebdavServlet. sendUnauthorized(...) method that sends this:
response.setHeader("WWW-Authenticate", getAuthenticateHeaderValue());
if (error == null || error.getErrorCode() != HttpServletResponse.SC_UNAUTHORIZED) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
} else {
response.sendError(error.getErrorCode(), error.getStatusPhrase());
}
and that looks a bit tricky to override (just had a quick look)
[1] http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Bertrand Delacretaz (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bertrand Delacretaz updated SLING-2443:
---------------------------------------
Comment: was deleted
(was: Fixed in revision 1308347)
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
> Assignee: Bertrand Delacretaz
> Fix For: JCR Webdav 2.1.2
>
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Felix Meschberger (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13234381#comment-13234381 ]
Felix Meschberger commented on SLING-2443:
------------------------------------------
In this case, this would rather be a bug for Jackrabbit.
I am against removing the response.reset call from the DefaultErrorHandlerServlet because this sounds absolutely reasonable to do when handling errors in a generic (default) way.
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Reto Bachmann-Gmür (Commented JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13237559#comment-13237559 ]
Reto Bachmann-Gmür commented on SLING-2443:
-------------------------------------------
401 is an error code by http so it handling by error scripts seems reasonable by me. I think resetting the response is reasonable for server errors (5XX) as in this case something went wrong in producing the response but not for client errors (4XX) where there is something wrong with the request while the response can be assumed to be reasonable for that bogus request. Furthermore resetting headers but not the status line seems inconsistent to me.
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2443) Missing WWW-Authenticate header on
OPTIONS request with trunk servlets.resolver bundle
Posted by "Felix Meschberger (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13237627#comment-13237627 ]
Felix Meschberger commented on SLING-2443:
------------------------------------------
Yes, if the sendError is used, 401 is just like any other error and is handled by the error handling script.
The problem is, that 401 should not be sent to the client using sendError but using setStatus and committing the response to make sure the client gets the authentication requets.
> Missing WWW-Authenticate header on OPTIONS request with trunk servlets.resolver bundle
> --------------------------------------------------------------------------------------
>
> Key: SLING-2443
> URL: https://issues.apache.org/jira/browse/SLING-2443
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Reporter: Bertrand Delacretaz
>
> Running the launchpad/builder standalone jar from the trunk correctly returns an WWW-Authenticate header on an OPTIONS request with no credentials:
> $ curl -D - -X OPTIONS http://localhost:8080/
> HTTP/1.1 401 Unauthorized
> WWW-Authenticate: Basic realm="Jackrabbit Webdav Server"
> Content-Type: ...
> But if I replace the org.apache.sling.servlets.resolver 2.1.0 bundle that's in there with the latest snapshot (revision 1302994) that header is missing: it gets removed by the response.reset() call in DefaultErrorHandlerServlet.sendIntro(...), which makes it impossible to connect with WebDAV.
> That response.reset() call was not present in 2.1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira