You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by ju...@apache.org on 2010/06/23 02:11:04 UTC

svn commit: r957088 - /sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java

Author: justin
Date: Wed Jun 23 00:11:04 2010
New Revision: 957088

URL: http://svn.apache.org/viewvc?rev=957088&view=rev
Log:
SLING-1570 - sending 401 on dropCredentials only if the Authorization header is set

Modified:
    sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java

Modified: sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java?rev=957088&r1=957087&r2=957088&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java (original)
+++ sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java Wed Jun 23 00:11:04 2010
@@ -254,7 +254,9 @@ public class AuthorizationHeaderAuthenti
      */
     public void dropCredentials(HttpServletRequest request,
             HttpServletResponse response) {
-        sendUnauthorized(response);
+        if (request.getHeader(HEADER_AUTHORIZATION) != null) {
+            sendUnauthorized(response);
+        }
     }
 
     /**