HTTP basic authentication not working in 2.5 #1330

Closed
knshiro opened this Issue Oct 3, 2012 · 0 comments

Comments

Projects
None yet
2 participants

knshiro commented Oct 3, 2012

Hello everyone,

When switching to Lift 2.5 my basic http authentication doesn't happen anymore and I have no idea why. I just switched back to 2.4 to confirm that it doesn't come from anything else and this is the case.
Here is my code:

LiftRules.httpAuthProtectedResource.prepend {
       case Req("api"::"post"::_, _, PostRequest) => Full(AuthRole("user"))
}

LiftRules.authentication = HttpBasicAuthentication("api") {
            case (username, password, req) => {
                authService.login(username,password) match {
                    case Full(user) => {
                        userRoles(AuthRole("user"))
                        true
                    }
                    case _ => {
                        false
                    }
                }
            }
        }

According to Diego, the server accepts authentication requests, it just doesn't send the 401 error to the browser when trying to access protected resources.

Thank you in advance

Project example here:
https://github.com/knshiro/lift-2.5-httpauthentication-broken

Discussion here
https://groups.google.com/d/topic/liftweb/ycybRSpibSk/discussion

@ghost ghost assigned fmpwizard Oct 3, 2012

@fmpwizard fmpwizard closed this in 8b527fc Oct 11, 2012

fmpwizard added a commit that referenced this issue Oct 24, 2012

Fixed #1330 - HTTP basic authentication not working in 2.5
we lost an important "else" in LiftServlet - (Thanks to Aditya Vishwakarma for pointing it out)

nafg added a commit that referenced this issue Oct 24, 2012

Merge branch 'master' into nafg_wip_scala210
* master:
  Css: Parse failures return ParamFailure, not Empty
  Only catch Exception
  Use ThreadLocalRandom in StringHelpers.randomString on Java 7.
  Fixed #1330 - HTTP basic authentication not working in 2.5
  Do not escape unnecessarily ranges which JSON spec does not require. Fix memoization
  Fix off-by one when escaping control char in JSON
  Added a method to release all the long polling connections
  Allow, once again, to bind anything that is convertable to NS=>NS
  Remove ToCssBindPromoter implicits in package object
  Make AjaxRequestInfo track a Long version id.
  Guard for JS number size overflows.
  Track sequence numbers of arbitrary length.
  Implement the meat of AJAX deduplication.
  Add tracking for AJAX requests in LiftSession.
  Drop the timeout on comet-related AJAX requests.
  Encode an AJAX request version in the request URI.
  Move uriSuffix extraction into lift_ajaxHandler.
  Fix deadlock in SoftReferenceCache apply function.
  Changed *Var backing store to concurrent hashmap
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment