inets patch on basic authentication

Peter Lund erlang@REDACTED
Tue Apr 12 09:51:00 CEST 2005


To get basic authentication to work better in inets you (OTP) should 
apply this
patch to the file mod_auth.erl in the latest inets 4.3.1 in (OTP R10B-4).

The problem fixed is that the current inets only pops up the basic 
window on the client browser once, not every time when the user supplies 
a bad
user/password combination. This bug forces the user to kill the browser 
after a failed login attempt, before the user may try to login again. 
This is what this
fix fixes. With this patch inets sends the "WWW-Authenticate" header 
every time
the user fails to login correctly.

It works with my mnesia based authentication. If it also fixes the same 
problem for
the file based authentication version I do not know. I have not tested 
it. Please do.

[peterl@REDACTED OTPpatch]$ diff mod_auth.erl.otp mod_auth.erl
<                   case httpd_util:key1search(DirectoryData, auth_name) of
<                       undefined ->
<                           {status,{500, none,
<                                    ?NICE("AuthName directive"
<                                          "not specified")}};
<                       Realm ->
<                           {authorization_required, Realm}
<                   end;
 >                   authorization_required(DirectoryData);
<                           {authorization_failed, Reason};
 >                           authorization_required(DirectoryData);
 > authorization_required(DirectoryData) ->
 >     case httpd_util:key1search(DirectoryData, auth_name) of
 >       undefined ->
 >           {status,{500, none,?NICE("AuthName directive not specified")}};
 >       Realm ->
 >           {authorization_required, Realm}
 >     end.
[peterl@REDACTED OTPpatch]$

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mod_auth.erl
URL: <>

More information about the erlang-questions mailing list