Posted to dev@sling.apache.org by Clemens Wyss <cl...@mysign.ch> on 2010/05/18 10:34:29 UTC

why does AuthenticationHandler#extractCredentials require the HttpServletResponse parameter?

in which use case is the (HTTPServlet)response of relevance for extracting the credentials?

Thx
Clemens

Re: why does AuthenticationHandler#extractCredentials require the HttpServletResponse parameter?

Posted by Alexander Klimetschek <ak...@day.com>.
On Tue, May 18, 2010 at 14:23, Clemens Wyss <cl...@mysign.ch> wrote:
> thanks for your reply, although I did read the javadoc ;-)
>
> The name of the method is extractCredentials, so I would expect it to do no more than that. Either the credentials are in the request or they are not, which is reflected in the return value. I was wondering in which case an auth handler would want to manipulate the response. Any e.g.?

extractCredentials() sometimes needs to do more than just plain
extraction, and this logic is not generic but depends on the specific
authentication mechanism. Typically it might send some responses back
to the client, while returning AuthenticationInfo.DOING_AUTH.

The OpenID auth handler does that, for example:

http://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetschek@day.com
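
The pattern described in the reply above, sketched as an added example that is not part of the original thread and not the OpenID handler's code: a handler whose extractCredentials() answers the client itself and returns AuthenticationInfo.DOING_AUTH. The class name, provider URL, auth type and request parameter names are hypothetical, and the imports assume the org.apache.sling.auth.core.spi package of Sling Auth Core, which the thread does not name.

```java
import java.io.IOException;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;

// Hypothetical handler: AUTH_TYPE, PROVIDER and all parameter names are placeholders.
public class RedirectingAuthHandler implements AuthenticationHandler {
    private static final String AUTH_TYPE = "EXAMPLE_SSO";
    private static final String PROVIDER = "https://idp.example.org/login";
    private static final String STATE = "example.sso.state";

    public AuthenticationInfo extractCredentials(HttpServletRequest req, HttpServletResponse res) {
        try {
            if (req.getParameter("sso_start") != null) {
                // Step 1: no credentials yet. The handler writes the response itself
                // and returns DOING_AUTH so request processing stops here.
                String state = UUID.randomUUID().toString();
                req.getSession(true).setAttribute(STATE, state);
                res.sendRedirect(PROVIDER + "?state=" + state);
                return AuthenticationInfo.DOING_AUTH;
            }
            String token = req.getParameter("sso_token");
            String user = req.getParameter("sso_user");
            if (token == null) return null; // not ours: leave the response untouched
            // Step 2: the browser came back from the provider. The state issued in
            // step 1 is single-use and must match, otherwise the request is refused.
            HttpSession session = req.getSession(false);
            Object expected = session == null ? null : session.getAttribute(STATE);
            if (session != null) session.removeAttribute(STATE);
            if (user == null || expected == null || !expected.equals(req.getParameter("state"))) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN, "login state mismatch");
                return AuthenticationInfo.DOING_AUTH;
            }
            // The token travels as the password; checking it is left to the repository login.
            return new AuthenticationInfo(AUTH_TYPE, user, token.toCharArray());
        } catch (IOException e) {
            return AuthenticationInfo.FAIL_AUTH; // could not answer the client: deny
        }
    }

    public boolean requestCredentials(HttpServletRequest req, HttpServletResponse res) {
        return false; // this handler never prompts; another handler may
    }

    public void dropCredentials(HttpServletRequest req, HttpServletResponse res) {
        if (req.getSession(false) != null) req.getSession(false).removeAttribute(STATE);
    }
}
```

Both uses of the response parameter appear here: the redirect in step 1 and the error sent on a failed callback, which is the case the quoted javadoc describes.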

RE: why does AuthenticationHandler#extractCredentials require the HttpServletResponse parameter?

Posted by Clemens Wyss <cl...@mysign.ch>.
thanks for your reply, although I did read the javadoc ;-)

The name of the method is extractCredentials, so I would expect it to do no more than that. Either the credentials are in the request or they are not, which is reflected in the return value. I was wondering in which case an auth handler would want to manipulate the response. Any e.g.?

> -----Original Message-----
> From: Alexander Klimetschek [mailto:aklimets@day.com]
> Sent: Tuesday, May 18, 2010 12:39 PM
> To: dev@sling.apache.org
> Subject: Re: why does AuthenticationHandler#extractCredentials require
> the HttpServletResponse parameter?
>
>
> On Tue, May 18, 2010 at 10:34, Clemens Wyss
> <cl...@mysign.ch> wrote:
> > in which use case is the (HTTPServlet)response of relevance
> for extracting the credentials?
>
> See the javadoc of that argument:
>
> "The response object which may be used to send the information on the
> request failure to the user."
>
> Regards,
> Alex
>
> --
> Alexander Klimetschek
> alexander.klimetschek@day.com
>

Re: why does AuthenticationHandler#extractCredentials require the HttpServletResponse parameter?

Posted by Alexander Klimetschek <ak...@day.com>.
On Tue, May 18, 2010 at 10:34, Clemens Wyss <cl...@mysign.ch> wrote:
> in which use case is the (HTTPServlet)response of relevance for extracting the credentials?

See the javadoc of that argument:

"The response object which may be used to send the information on the
request failure to the user."

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetschek@day.com