inets patch on basic authentication
Peter Lund
erlang@REDACTED
Tue Apr 12 09:51:00 CEST 2005
Hi,
To get basic authentication to work better in inets you (OTP) should
apply this
patch to the file mod_auth.erl in the latest inets 4.3.1 in (OTP R10B-4).
The problem fixed is that the current inets only pops up the basic
authentication
window on the client browser once, not every time when the user supplies
a bad
user/password combination. This bug forces the user to kill the browser
entirely
after a failed login attempt, before the user may try to login again.
This is what this
fix fixes. With this patch inets sends the "WWW-Authenticate" header
every time
the user fails to login correctly.
It works with my mnesia based authentication. If it also fixes the same
problem for
the file based authentication version I do not know. I have not tested
it. Please do.
[peterl@REDACTED OTPpatch]$ diff mod_auth.erl.otp mod_auth.erl
153,160c153
< case httpd_util:key1search(DirectoryData, auth_name) of
< undefined ->
< {status,{500, none,
< ?NICE("AuthName directive"
< "not specified")}};
< Realm ->
< {authorization_required, Realm}
< end;
---
> authorization_required(DirectoryData);
170c163
< {authorization_failed, Reason};
---
> authorization_required(DirectoryData);
180a174,181
> authorization_required(DirectoryData) ->
> case httpd_util:key1search(DirectoryData, auth_name) of
> undefined ->
> {status,{500, none,?NICE("AuthName directive not specified")}};
> Realm ->
> {authorization_required, Realm}
> end.
>
[peterl@REDACTED OTPpatch]$
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mod_auth.erl
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20050412/382282ff/attachment.ksh>
More information about the erlang-questions
mailing list