You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by "Kevin Brown (JIRA)" <ji...@apache.org> on 2008/09/09 02:59:44 UTC

[jira] Commented: (SHINDIG-580) Authentication filter doesnt distinguish between no authentication and invalid authentication

    [ https://issues.apache.org/jira/browse/SHINDIG-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12629355#action_12629355 ] 

Kevin Brown commented on SHINDIG-580:
-------------------------------------

Would it make more sense to have a chain of filters for auth rather than a single filter? The standard filter programming model would allow exactly what you need here, and I don't see any obvious disadvantages to doing it this way other than the need to configure a few extra filters.

As a benefit, we could also eliminate the duplicated config between social-api and gadgets.

> Authentication filter doesnt distinguish between no authentication and invalid authentication
> ---------------------------------------------------------------------------------------------
>
>                 Key: SHINDIG-580
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-580
>             Project: Shindig
>          Issue Type: Improvement
>          Components: Common Components (Java)
>            Reporter: Louis Ryan
>            Assignee: Louis Ryan
>
> The current mechanism implementation does'nt allow for the distinction between an unspecificed authentication mechanism and a specified but malformed one. 
> Some authentication handlers may also need to initiate additional authentication steps via redirects & headers before allowing further access. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.