You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2008/01/18 15:08:33 UTC
[jira] Closed: (SLING-4) AuthenticationFilter only logs
RepositoryException, without rethrowing it
[ https://issues.apache.org/jira/browse/SLING-4?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger closed SLING-4.
---------------------------------
Resolution: Fixed
Implemented the proposed behaviour in Rev. 613168.
> AuthenticationFilter only logs RepositoryException, without rethrowing it
> -------------------------------------------------------------------------
>
> Key: SLING-4
> URL: https://issues.apache.org/jira/browse/SLING-4
> Project: Sling
> Issue Type: Improvement
> Components: Core
> Reporter: Felix Meschberger
>
> Currently org.apache.sling.core.impl.auth.AuthenticationFilter eats some exceptions, or more precisely only logs them, without rethrowing them.
> For example:
> } catch (RepositoryException re) {
> log.error("Unable to authenticate: {}", re.getMessage());
> }
> At the application level this means that, if a Repository is not available, the user's login is refused as if a wrong password had been entered, without any mention of the Repository problem at the user level.
> I'm not sure about all the implications, but it might be good for AuthenticationFilter to rethrow more exceptions, to differentiate between pure authentication problems and other problems.
> I am not sure, whether we want to throw implementation details such as a non-available repository into his face (remember those great sites, which present
> MS ODBC messages to the innocent user :-) )
> On the other hand something like an javax.servlet.UnavailableException might be usefull - though this exception is intended to be thrown by the init method (IIRC). Only logging the message is not usefull either.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.