You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/01/19 12:42:54 UTC
[jira] Resolved: (SLING-1293) Impersonation failure not handled
properly
[ https://issues.apache.org/jira/browse/SLING-1293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1293.
--------------------------------------
Resolution: Fixed
Implemented this guard in Rev. 900735. If impersonation fails, the request is processed as the primary authenticated user and impersonation handling is disabled.
> Impersonation failure not handled properly
> ------------------------------------------
>
> Key: SLING-1293
> URL: https://issues.apache.org/jira/browse/SLING-1293
> Project: Sling
> Issue Type: Bug
> Components: Commons
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Commons Auth 1.0.0
>
>
> If impersonation fails, the sling authenticator acts the same as if the primary authentication would fail, that is calling the login() method selecting an authentication handle to request credentials with.
> This is unexpected behaviour and there is no indication, that impersonation failed but primary authentication succeeded.
> It would be better to either disable impersonation after the failure (or to fail the request with a proper status, e.g. 403/FORBIDDEN).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.