You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by Peter Chiochetti <pc...@myzel.net> on 2009/09/25 17:26:23 UTC

Allow login to fail

The /system/sling/login works perfectly fine as long as I am entering 
the credentials correctly, but when I give wrong credentials, eg. by a 
typing error, I get a page that leaves the user wondering - it says:

> HTTP ERROR 200
>
> Problem accessing /system/sling/login. Reason:
>
>     OK
>
> Powered by Jetty://

That response page is sent with http status code 200 instead of code 
401. The browser therefore cannot know that authorization has been 
refused. All subsequent requests for any resource will display the same 
page. To get a new chance to enter credentials correctly the user has to 
restart the browser (closing all open windows/tabs).

The server runs a current trunk svn snapshot launchpad jar. In config 
manager "Apache Sling Request Authenticator" I unchecked "Allow 
Anonymous Access". Observed both with firefox 3.5 and IE 8.

Please advise how to get the usual behaviour: let the browser redisplay 
the login prompt until successful or display a message describing the 
failure when the user cancels the prompt. I think using status 401 for 
the message should do both.

-- 
peter