You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2009/12/03 15:45:20 UTC
[jira] Resolved: (SLING-1220) [httpauth] Providing illegal
credentials is not properly reported
[ https://issues.apache.org/jira/browse/SLING-1220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1220.
--------------------------------------
Resolution: Fixed
Committed a fix in Rev. 886796 (see subversion log)
> [httpauth] Providing illegal credentials is not properly reported
> -----------------------------------------------------------------
>
> Key: SLING-1220
> URL: https://issues.apache.org/jira/browse/SLING-1220
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Extensions httpauth 2.0.4
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Extensions httpauth 2.0.6
>
>
> When providing illegal credentials in the login form, the form is silently redrawn without any indication as to what the problem is.
> The cause is the cooperation with the login form and the HTTP Header Authentication handler: The login form provides a parameter for the handler to identify the request as coming from the login form as an Ajax request.
> If this parameter is set when the requestAuthentication method is called, the response should be indicative of the login failure. And the client side script should identify this failure and display a message.
> The mechanism to convey this problem is sending a 403/FORBIDDEN status, which may be caught by the client side script and display the message. We do not use a 401/UNAUTHORIZED in this case, because this is caught by the browser causing the browser to display the standard login box.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.