You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2015/06/08 13:37:00 UTC

[jira] [Assigned] (SLING-4785) sling.auth.requirements is ignored on expired credentials

     [ https://issues.apache.org/jira/browse/SLING-4785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso reassigned SLING-4785:
------------------------------------

    Assignee: Antonio Sanso

> sling.auth.requirements is ignored on expired credentials
> ---------------------------------------------------------
>
>                 Key: SLING-4785
>                 URL: https://issues.apache.org/jira/browse/SLING-4785
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Antonio Sanso
>            Assignee: Antonio Sanso
>
> Let's assume the following scenario:
> A sling application has an sling.auth.requirements that contains {{-/content/noauthenticationrequired.html}}
> An user obtained a valid sling credentials that last 1 hour. The credentials is e.g. a token stored in the cookie.
> If the user try to hit {{localhost:8080/content/noauthenticationrequired.html}} with the expired crendentials (e.g. 2 hours after the authentication} the login page is shown.
> Expected behavior is instead the resource {{/content/noauthenticationrequired.html}} should be displayed.
> Patch to follow



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)