Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/09/23 15:37:33 UTC

[jira] Resolved: (SLING-1428) Failed Form Auth via AJAX Does not Return Status 403

     [ https://issues.apache.org/jira/browse/SLING-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved SLING-1428.
--------------------------------------

    Fix Version/s: Form Based Authentication 1.0.2
                   Auth Core 1.0.4
       Resolution: Fixed

Implemented an extended version of the proposed patch in Rev. 1000462:

Send a 403 response if either the provided cookie value is invalid or if the provided user name and password cannot be used to log in. Created methods to actually send back the success or failure responses for validation requests.

Some small extension to the SlingAuthenticator.getResolver() method: Don't further process if the AuthenticationFeedbackHandler.authenticationFailed method commits the response (as is done with support for 403 response for a validation check).

> Failed Form Auth via AJAX Does not Return Status 403
> ----------------------------------------------------
>
>                 Key: SLING-1428
>                 URL: https://issues.apache.org/jira/browse/SLING-1428
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Form Based Authentication 1.0.0
>            Reporter: Jason Rose
>            Assignee: Felix Meschberger
>             Fix For: Form Based Authentication 1.0.2, Auth Core 1.0.4
>
>
> Posting:
> j_username=<some gibberish>
> j_password=<some gibberish>
> j_validate=true
> Returns status 200 and the HTML for the auth page.  Looking at the sessionInfo.json shows me that I'm authenticated as anonymous, as intended, but the docs say I should have received a status code 403.
> Authenticating as a known user does indeed work as intended.

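
Added example, not part of the original message and not Sling's own code: a simplified JavaScript model of the flow described in the resolution, showing the reported fallthrough (status 200 plus login HTML) beside the fixed behaviour (403, then no further processing once the response is committed). Only the j_username, j_password and j_validate parameters come from the issue; the function names, the user store and the HTML strings are assumptions made for illustration.

```javascript
// Simplified model of the flow in the resolution comment; not Sling's Java code.
// Only the j_* parameter names come from the issue; everything else is hypothetical.
const USERS = { alice: "correct horse" }; // constructed demo store, plaintext for brevity

function makeResponse() {
  return {
    status: null, body: null, committed: false,
    send(status, body) {
      if (this.committed) throw new Error("response already committed");
      Object.assign(this, { status, body, committed: true });
    },
  };
}

function loginOk(p) {
  const known = Object.prototype.hasOwnProperty.call(USERS, p.j_username);
  return known && USERS[p.j_username] === p.j_password;
}

// Feedback handler. With fixed=false it models the reported behaviour:
// a failed validation request is not answered here at all.
function authenticationFailed(p, res, fixed) {
  if (fixed && p.j_validate === "true") res.send(403, "");
}

function handleLogin(p, fixed) {
  const res = makeResponse();
  if (loginOk(p)) {
    res.send(200, p.j_validate === "true" ? "" : "<html>home</html>");
    return res;
  }
  authenticationFailed(p, res, fixed);
  if (res.committed) return res; // handler answered: no further processing
  res.send(200, "<html>login form</html>"); // fallthrough the reporter observed
  return res;
}

// AJAX caller's check for a j_validate request: the status code alone decides.
function validationPassed(res) {
  return res.status === 200;
}

const bad = { j_username: "x", j_password: "y", j_validate: "true" };
console.log(handleLogin(bad, false).status, handleLogin(bad, true).status); // 200 403
```

With the unfixed flow, validationPassed() reports success for bad credentials, which is why a client that trusts the status code depends on the 403.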