[jira] Created: (SLING-1314) Add support for login feedback from Authenticator to authentication handler

Mon, 25 Jan 2010 02:00:59 -0800 

Add support for login feedback from Authenticator to authentication handler
---------------------------------------------------------------------------

                 Key: SLING-1314
                 URL: https://issues.apache.org/jira/browse/SLING-1314
             Project: Sling
          Issue Type: New Feature
          Components: Commons
            Reporter: Felix Meschberger


There might be situations (or AuthenticationHandlers, actually), desiring to 
get feedback on the outcome of authentication after providing authentication 
credentials. At the moment this "feedback" is limited to the case of failed 
login when the SlingAuthenticator calls back into the AuthenticationHandler to 
request credentials. But this is only indirect feedback in the failure case.

I propose to extend the feedback transfer as follows:

  * Add AuthenticationFeedbackHandler interface with two methods:

          // called if authentication failed, handler is not expected to send 
response
          // since SlingAuthenticator will call requestCredentials
          void authenticationFailed(HttpServletRequest, HttpServletResponse, 
AuthenticationInfo)

          // called if authentication succeeded, handler may write into the 
response
          // particularly setting a cookie or the like is possible here
          void authenticationSucceeded(HttpServletRequest, HttpServletResponse, 
AuthenticationInfo)

  * Add  two methods to the AuthenticationInfo class to pass in a feedback 
handler:

          // May be called by the AuthenticationHandler to request feedback on 
the authentication
          void setAuthenticationFeedbackHandler(AuthenticationFeedbackHandler)

          // forward to configured feedback handler, ignored if none
          void authenticationFailed(HttpServletRequest, HttpServletResponse)

          // forward to configured feedback handler or handle redirect request 
if none
          void authenticationSucceeded(HttpServletRequest, HttpServletResponse)

  * SlingAuthenticator calls the new AuthenticationInfo methods on success or 
failure after login

  * The default behaviour of the AuthenticationInfo.authenticationSucceeded is 
to redirect to a desired target. This moves the 
SlingAuthenticator.handleRedirect method to a (probably) new static method, 
which is called by the AuthenticationInfo class and which may also be called by 
any implementation of the AuthenticationFeedbackHandler.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to