Sling Authentication - SlingAuthenticator hides LoginFailure reason
-------------------------------------------------------------------
Key: SLING-1196
URL: https://issues.apache.org/jira/browse/SLING-1196
Project: Sling
Issue Type: Improvement
Components: Engine
Affects Versions: Engine 2.0.6
Reporter: Hakim Sadikali
The SlingAuthenticator does not provide the handler with the reason a login
failed, it only logs the reason and proceeds to try again:
// request authentication information and send 403 (Forbidden)
// if no handler can request authentication information.
log.info("authenticate: Unable to authenticate: {}",
reason.getMessage());
log.debug("authenticate", reason);
login(request, response);
Applications often want to provide more detailed information to the end user,
username not found, password does not match username etc.
An easy solution would be to put the LoginException in the request for the
login handler to have access to it, and then remove it after the login handler
has processed the request - works but not particularly elegant.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
