in src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java [1022:1077]
/**
 * Asks the client for credentials, or reports an authentication failure
 * when no credential challenge can be issued.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 * <li>Credential-validation requests ({@code AuthUtil.isValidateRequest})
 * are never challenged; they go straight to the failure response.</li>
 * <li>Non-browser requests are challenged through the HTTP Basic handler
 * if one is configured.</li>
 * <li>Browser requests that are neither Ajax requests nor flagged by
 * {@code isLoginLoop} are handed to {@code login}.</li>
 * <li>Everything else ends in {@code AuthUtil.sendInvalid} with a failure
 * reason attribute guaranteed to be present.</li>
 * </ol>
 *
 * @param request the request that needs authentication
 * @param response the response used for the challenge or failure reply
 */
private void doLogin(HttpServletRequest request,
        HttpServletResponse response) {

    if (!AuthUtil.isValidateRequest(request)) {

        if (!AuthUtil.isBrowserRequest(request)) {

            // Not a browser, presumably a WebDAV client. When HTTP Basic is
            // available (fully enabled, or enabled for preemptive
            // credentials) simply ask for Basic credentials. With HTTP
            // Basic switched off the request falls through to the generic
            // failure response below.
            if (httpBasicHandler != null) {
                httpBasicHandler.sendUnauthorized(response);
                return;
            }

        } else if (!(AuthUtil.isAjaxRequest(request) || isLoginLoop(request))) {

            // Only a regular (non-XHR) browser request gets the login
            // handling. isLoginLoop is evaluated only for non-Ajax
            // requests, exactly as the short-circuit dictates.
            try {

                login(request, response);
                return;

            } catch (IllegalStateException ise) {

                // Nothing more can be written to a committed response.
                log.error("doLogin: Cannot login: Response already committed");
                return;

            } catch (NoAuthenticationHandlerException nahe) {

                // Deliberately no specific failure reason here: telling
                // the client that no authentication handler is configured
                // would disclose setup details. The event is logged
                // server-side only and the generic failure below is sent.
                log.error("doLogin: Cannot login: No AuthenticationHandler available to handle the request");
            }
        }
    }

    // Reaching this point means no challenge was sent: the request is a
    // credential validation, an XHR request, was flagged by isLoginLoop,
    // or no authentication handler was willing to request credentials.
    // Make sure a failure reason is set before the failure response goes
    // out.
    ensureAttribute(request, AuthenticationHandler.FAILURE_REASON,
        "Authentication Failed");
    AuthUtil.sendInvalid(request, response);
}