You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Kevin Brown (JIRA)" <ji...@apache.org> on 2008/09/09 02:59:44 UTC
[jira] Commented: (SHINDIG-580) Authentication filter doesnt
distinguish between no authentication and invalid authentication
[ https://issues.apache.org/jira/browse/SHINDIG-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12629355#action_12629355 ]
Kevin Brown commented on SHINDIG-580:
-------------------------------------
Would it make more sense to have a chain of filters for auth rather than a single filter? The standard filter programming model would allow exactly what you need here, and I don't see any obvious disadvantages to doing it this way other than the need to configure a few extra filters.
As a benefit, we could also eliminate the duplicated config between social-api and gadgets.
> Authentication filter doesnt distinguish between no authentication and invalid authentication
> ---------------------------------------------------------------------------------------------
>
> Key: SHINDIG-580
> URL: https://issues.apache.org/jira/browse/SHINDIG-580
> Project: Shindig
> Issue Type: Improvement
> Components: Common Components (Java)
> Reporter: Louis Ryan
> Assignee: Louis Ryan
>
> The current mechanism implementation does'nt allow for the distinction between an unspecificed authentication mechanism and a specified but malformed one.
> Some authentication handlers may also need to initiate additional authentication steps via redirects & headers before allowing further access.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.