[
https://issues.apache.org/jira/browse/SLING-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved SLING-1375.
--------------------------------------
Resolution: Fixed
In Rev. 910182 added new FAIL_AUTH constant to allow for providing feedback
about failed credentials extraction -- this is of course not the same as "no
credentials in the request". If FAIL_AUTH is returned, this means credentials
for the handler are in fact present in the request, but they are invalid, for
example because they have expired or they fail to validate.
Also included in this is an enhancement of the AuthenticationInfo class to mark
the specialized setters and getters as final and to ensure the DOING_AUTH and
FAIL_AUTH objects are read-only to prevent any concurrency issues while
properties might be modified.
Finally, added unit tests for the AuthenticationInfo class.
> Allow authentication handlers to return information about failed
> authentication extraction
> ------------------------------------------------------------------------------------------
>
> Key: SLING-1375
> URL: https://issues.apache.org/jira/browse/SLING-1375
> Project: Sling
> Issue Type: New Feature
> Components: Commons
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Commons Auth 1.0.0
>
>
> AuthenticationHandler implementations currently can only return either
> DOING_AUTH or a concrete AuthenticationInfo object from the
> extractCredentials method. Sometimes the credentials provided in the request
> may not be valid and authentication handlers may want to force
> reauthentication instead of just letting the request pass through as an
> anonymous request.
> Examples of such failures are the form based authentication handler
> encountering an authentication cookie which has expired or the OpenID
> authentication handler encountering a failed OpenID authentication.
> In such failure cases the authentication handler should be able to provide
> this information to the sling authenticator and allow the authenticator to
> restart the authentication procedure.
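
The outcomes described in this notification, modelled as an added, self-contained Java example. This is not Sling's code: apart from the DOING_AUTH and FAIL_AUTH names, everything in it (class and method names, the constructed `user:expiry` cookie format, the returned strings) is assumed for illustration, and the integrity check a real cookie needs is omitted.

```java
public class FailAuthSketch {
    // Simplified stand-in for AuthenticationInfo (hypothetical, not the Sling class).
    static final class AuthInfo {
        static final AuthInfo DOING_AUTH = new AuthInfo(null, true);
        static final AuthInfo FAIL_AUTH = new AuthInfo(null, true);
        private final boolean readOnly;
        private String user;
        AuthInfo(String user) { this(user, false); }
        private AuthInfo(String user, boolean readOnly) {
            this.user = user;
            this.readOnly = readOnly;
        }
        String getUser() { return user; }
        // The sentinels are shared by every request thread, so writes are rejected.
        void setUser(String user) {
            if (readOnly) throw new UnsupportedOperationException("read-only sentinel");
            this.user = user;
        }
    }

    // Hypothetical handler: cookie is "user:expiryEpochSeconds" (constructed format).
    static AuthInfo extractCredentials(String cookie, long now) {
        if (cookie == null) return null;            // no credentials in the request
        String[] parts = cookie.split(":");
        try {
            if (parts.length == 2 && !parts[0].isEmpty() && Long.parseLong(parts[1]) > now) {
                return new AuthInfo(parts[0]);      // present and valid
            }
        } catch (NumberFormatException e) {
            // malformed expiry: treated like any other invalid credential
        }
        return AuthInfo.FAIL_AUTH;                  // present but invalid or expired
    }

    // Hypothetical authenticator dispatch; sentinels are compared by identity.
    static String handle(String cookie, long now) {
        AuthInfo info = extractCredentials(cookie, now);
        if (info == null) return "continue as anonymous";
        if (info == AuthInfo.DOING_AUTH) return "handler is mid-exchange with the client";
        if (info == AuthInfo.FAIL_AUTH) return "restart the authentication procedure";
        return "authenticated as " + info.getUser();
    }

    public static void main(String[] args) {
        // Constructed sample cookies: absent, valid, expired, malformed.
        for (String c : new String[] {null, "alice:2000", "alice:500", "alice:soon"}) {
            System.out.println(c + " -> " + handle(c, 1_000L));
        }
    }
}
```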