You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2020/08/05 13:30:00 UTC

[jira] [Resolved] (SLING-5448) AuthenticationInfoPostProcessor javadoc misleading

     [ https://issues.apache.org/jira/browse/SLING-5448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler resolved SLING-5448.
-------------------------------------
    Resolution: Fixed

Finally updated the javadoc as suggested

> AuthenticationInfoPostProcessor javadoc misleading
> --------------------------------------------------
>
>                 Key: SLING-5448
>                 URL: https://issues.apache.org/jira/browse/SLING-5448
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.3.12
>            Reporter: Alexander Klimetschek
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: Auth Core 1.5.0
>
>
> Currently, the [AuthenticationInfoPostProcessor javadoc says|https://github.com/apache/sling/blob/4bc090c5f8cb8ec8d6b1674176978e9a5feff503/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java#L25-L29]:
> {quote}
> Service interface which allows bundles to modify the AuthenticationInfo object after authentication has been performed.
> {quote}
> But that's pretty misleading, as "after authentication" actually means "one AuthenticationHandler has returned an AuthenticationInfo" object, but does not include the resource provider creations (e.g. JCR repository login), which are often understood as part of authentication too.
> I suggest this instead:
> {quote}
> Service interface which allows bundles to modify the AuthenticationInfo object right after one authentication handler has returned it from extractCredentials() or for an anonymous AuthenticationInfo. It is called before the resource resolver is created and any authentication in the resource providers (such as JCR repository login) happens.
> As such it is useful to intercept responses from other AuthenticationHandlers and access or modify the AuthenticationInfo before they are actually used to create the resource resolver.
> {quote}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)