Alexander Klimetschek created SLING-5448: --------------------------------------------
Summary: AuthenticationInfoPostProcessor javadoc misleading Key: SLING-5448 URL: https://issues.apache.org/jira/browse/SLING-5448 Project: Sling Issue Type: Bug Components: Authentication Affects Versions: Auth Core 1.3.12 Reporter: Alexander Klimetschek Currently, the [AuthenticationInfoPostProcessor javadoc says|https://github.com/apache/sling/blob/4bc090c5f8cb8ec8d6b1674176978e9a5feff503/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java#L25-L29]: {quote} Service interface which allows bundles to modify the AuthenticationInfo object after authentication has been performed. {quote} But that's pretty misleading, as "after authentication" actually means "one AuthenticationHandler has returned an AuthenticationInfo" object, but does not include the resource provider creations (e.g. JCR repository login). I suggest this instead: {quote} Service interface which allows bundles to modify the AuthenticationInfo object right after one authentication handler has returned it from extractCredentials() or for an anonymous AuthenticationInfo. It is called before the resource resolver is created and any authentication in the resource providers (such as JCR repository login) happens. As such it is useful to intercept responses from other AuthenticationHandlers and access or modify the AuthenticationInfo before they are actually used to create the resource resolver. {quote} -- This message was sent by Atlassian JIRA (v6.3.4#6332)