Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/01/19 12:42:54 UTC

[jira] Resolved: (SLING-1293) Impersonation failure not handled properly

     [ https://issues.apache.org/jira/browse/SLING-1293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved SLING-1293.
--------------------------------------

    Resolution: Fixed

Implemented this guard in Rev. 900735. If impersonation fails, the request is processed as the primary authenticated user and impersonation handling is disabled.

> Impersonation failure not handled properly
> ------------------------------------------
>
>                 Key: SLING-1293
>                 URL: https://issues.apache.org/jira/browse/SLING-1293
>             Project: Sling
>          Issue Type: Bug
>          Components: Commons
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Commons Auth 1.0.0
>
>
> If impersonation fails, the Sling authenticator acts the same as if the primary authentication had failed, that is, calling the login() method, selecting an authentication handle to request credentials with.
> This is unexpected behaviour and there is no indication that impersonation failed but primary authentication succeeded.
> It would be better either to disable impersonation after the failure or to fail the request with a proper status, e.g. 403/FORBIDDEN.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
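
The guard described in the resolution, sketched as an added example; this is not the Sling code from Rev. 900735. All class, method and field names are hypothetical, the permission table is constructed sample data, and a session is modelled as just a user name.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical model of the guard; none of these names are Sling's API.
public class ImpersonationGuard {

    // Constructed sample data: which primary user may impersonate whom.
    static final Map<String, Set<String>> MAY_IMPERSONATE =
            Map.of("admin", Set.of("alice"));

    // The user the request runs as, and whether the impersonation
    // marker should stay set for later requests.
    record Outcome(String effectiveUser, boolean impersonationActive) {}

    static class ImpersonationException extends Exception {
        ImpersonationException(String msg) { super(msg); }
    }

    static String impersonate(String primary, String target)
            throws ImpersonationException {
        if (!MAY_IMPERSONATE.getOrDefault(primary, Set.of()).contains(target)) {
            throw new ImpersonationException(
                    primary + " may not impersonate " + target);
        }
        return target;
    }

    // primaryUser has already passed primary authentication here.
    static Outcome resolve(String primaryUser, String requestedTarget) {
        if (requestedTarget == null || requestedTarget.equals(primaryUser)) {
            return new Outcome(primaryUser, false);
        }
        try {
            return new Outcome(impersonate(primaryUser, requestedTarget), true);
        } catch (ImpersonationException e) {
            // Not a primary login failure: do not request credentials again.
            // Record the failure, keep the primary identity, and clear the
            // impersonation marker so it is not retried on every request.
            System.err.println("impersonation failed: " + e.getMessage());
            return new Outcome(primaryUser, false);
        }
    }

    public static void main(String[] args) {
        System.out.println(resolve("admin", "alice")); // permitted impersonation
        System.out.println(resolve("bob", "alice"));   // refused, stays bob
        System.out.println(resolve("bob", null));      // none requested
    }
}
```

The fallback never widens access: a refused impersonation leaves the request with exactly the rights of the primary authenticated user.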