Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/02/15 10:09:27 UTC

[jira] Resolved: (SLING-1375) Allow authentication handlers to return information about failed authentication extraction

     [ https://issues.apache.org/jira/browse/SLING-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved SLING-1375.
--------------------------------------

    Resolution: Fixed

In Rev. 910182 added new FAIL_AUTH constant to allow for providing feedback about failed credentials extraction -- this is of course not the same as "no credentials in the request". If FAIL_AUTH is returned, this means credentials for the handler are in fact present in the request, but they are invalid, for example because they have expired or they fail to validate.

Also included in this is an enhancement of the AuthenticationInfo class to mark the specialized setters and getters as final and to ensure the DOING_AUTH and FAIL_AUTH objects are read-only to prevent any concurrency issues while properties might be modified.

Finally, added unit tests for the AuthenticationInfo class.

> Allow authentication handlers to return information about failed authentication extraction
> ------------------------------------------------------------------------------------------
>
>                 Key: SLING-1375
>                 URL: https://issues.apache.org/jira/browse/SLING-1375
>             Project: Sling
>          Issue Type: New Feature
>          Components: Commons
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Commons Auth 1.0.0
>
>
> AuthenticationHandler implementations currently can only return either DOING_AUTH or a concrete AuthenticationInfo object from the extractCredentials method. Sometimes the credentials provided in the request may not be valid and authentication handlers may want to force reauthentication instead of just letting the request pass through as an anonymous request.
> Examples of such failures are the form based authentication handler encountering an authentication cookie which has expired or the OpenID authentication handler encountering a failed OpenID authentication.
> In such failure cases the authentication handler should be able to provide this information to the sling authenticator and allow the authenticator to restart the authentication procedure.

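
The distinction the issue draws between "no credentials in the request" and "credentials present but invalid", as an added example that is not part of the original message and is not Sling's own code. AuthInfo, Session, SESSIONS and handle are hypothetical stand-ins for the real classes, and the cookie tokens are constructed sample data.

```java
import java.time.Instant;
import java.util.Map;

public class FailAuthDemo {
    // Hypothetical stand-in for AuthenticationInfo. The sentinels are compared
    // by identity and have no mutable state, mirroring the read-only
    // DOING_AUTH / FAIL_AUTH objects the message describes.
    static final class AuthInfo {
        static final AuthInfo DOING_AUTH = new AuthInfo(null);
        static final AuthInfo FAIL_AUTH = new AuthInfo(null);
        final String user;
        AuthInfo(String user) { this.user = user; }
    }

    // Constructed server-side session table: cookie token -> user and expiry.
    record Session(String user, Instant expires) {}
    static final Map<String, Session> SESSIONS = Map.of(
        "tok-alice", new Session("alice", Instant.parse("2099-01-01T00:00:00Z")),
        "tok-bob", new Session("bob", Instant.parse("2010-01-01T00:00:00Z")));

    // Handler side: null means the request carries nothing for this handler;
    // FAIL_AUTH means a cookie is present but unknown or expired.
    static AuthInfo extractCredentials(String cookie, Instant now) {
        if (cookie == null) return null;
        Session s = SESSIONS.get(cookie);
        if (s == null || !now.isBefore(s.expires())) return AuthInfo.FAIL_AUTH;
        return new AuthInfo(s.user());
    }

    // Authenticator side: a failed extraction must not fall through to the
    // anonymous branch, otherwise a stale cookie silently downgrades the request.
    static String handle(String cookie, Instant now) {
        AuthInfo info = extractCredentials(cookie, now);
        if (info == null) return "pass through as anonymous";
        if (info == AuthInfo.DOING_AUTH) return "handler is already talking to the client";
        if (info == AuthInfo.FAIL_AUTH) return "restart the authentication procedure";
        return "authenticated as " + info.user;
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2010-02-15T10:09:27Z");
        for (String c : new String[] { null, "tok-alice", "tok-bob", "tok-forged" })
            System.out.println(c + " -> " + handle(c, now));
    }
}
```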