You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2009/11/19 08:21:40 UTC

[jira] Commented: (SLING-1196) Sling Authentication - SlingAuthenticator hides LoginFailure reason

    [ https://issues.apache.org/jira/browse/SLING-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12779850#action_12779850 ] 

Felix Meschberger commented on SLING-1196:
------------------------------------------

Yes, makes sense, though I would not but the login exception as a whole but rather the message of the exception (which may well be null !).

> Sling Authentication - SlingAuthenticator hides LoginFailure reason
> -------------------------------------------------------------------
>
>                 Key: SLING-1196
>                 URL: https://issues.apache.org/jira/browse/SLING-1196
>             Project: Sling
>          Issue Type: Improvement
>          Components: Engine
>    Affects Versions: Engine 2.0.6
>            Reporter: Hakim Sadikali
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> The SlingAuthenticator does not provide the handler with the reason a login failed, it only logs the reason and proceeds to try again:
> // request authentication information and send 403 (Forbidden)
>             // if no handler can request authentication information.
>             log.info("authenticate: Unable to authenticate: {}",
>                 reason.getMessage());
>             log.debug("authenticate", reason);
>             login(request, response);
> Applications often want to provide more detailed information to the end user, username not found, password does not match username etc.   
> An easy solution would be to put the LoginException in the request for the login handler to have access to it, and then remove it after the login handler has processed the request - works but not particularly elegant.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.