Allow authentication handlers to return information about failed authentication
extraction
------------------------------------------------------------------------------------------
Key: SLING-1375
URL: https://issues.apache.org/jira/browse/SLING-1375
Project: Sling
Issue Type: New Feature
Components: Commons
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Commons Auth 1.0.0
AuthenticationHandler implementations currently can only return either
DOING_AUTH or a concrete AuthenticationInfo object from the extractCredentials
method. Sometimes the credentials provided in the request may not be valid and
authentication handlers may want to force reauthentication instead of just
letting the request pass through as an anonymous request.
Examples of such failures are the form based authentication handler
encountering an authentication cookie which has expired or the OpenID
authentication handler encountering a failed OpenID authentication.
In such failure cases the authentication handler should be able to provide this
information to the sling authenticator and allow the authenticator to restart
the authentication procedure.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
