You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/09/17 15:01:41 UTC
[jira] Resolved: (SLING-1196) Sling Authentication -
SlingAuthenticator hides LoginFailure reason
[ https://issues.apache.org/jira/browse/SLING-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1196.
--------------------------------------
Assignee: Felix Meschberger
Resolution: Won't Fix
So we resolve this issue as won't fix in light of the solution implemented with SLING-1783
> Sling Authentication - SlingAuthenticator hides LoginFailure reason
> -------------------------------------------------------------------
>
> Key: SLING-1196
> URL: https://issues.apache.org/jira/browse/SLING-1196
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Reporter: Hakim Sadikali
> Assignee: Felix Meschberger
> Attachments: SlingAuthenticator.java
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The SlingAuthenticator does not provide the handler with the reason a login failed, it only logs the reason and proceeds to try again:
> // request authentication information and send 403 (Forbidden)
> // if no handler can request authentication information.
> log.info("authenticate: Unable to authenticate: {}",
> reason.getMessage());
> log.debug("authenticate", reason);
> login(request, response);
> Applications often want to provide more detailed information to the end user, username not found, password does not match username etc.
> An easy solution would be to put the LoginException in the request for the login handler to have access to it, and then remove it after the login handler has processed the request - works but not particularly elegant.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.