[Acegisecurity-developer] Informative servlet responses and the AuthenticationEntryPoint

2005-02-12 Thread Ray Krueger
I spoke with Ben off-list on IM. We'd like some more input on this
before I commit all the changes...

These are the two overall changes, copy and paste from my notes.

Added AuthenticationException to the commence method signature of the
AuthenticationEntryPoint. The best example of this
is the BasicProcessingFilterEntryPoint where the
authException.getMessage() is used to send back an informative 401,
instead of just the error code.

Added AccessDeniedException to the sendAccessDeniedError method
signature. The accessDeniedException.getMessage() result
is used to send an informative 403 error back to the servletResponse by default.

I've already made all the changes locally. Javadoc, tests, all the
usual suspects. All tests pass.

Pretty simple really.

-Ray


___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer


Re: [Acegisecurity-developer] Informative servlet responses and the AuthenticationEntryPoint

2005-02-12 Thread Ben Alex
Ray Krueger wrote:
> I spoke with Ben off-list on IM. We'd like some more input on this
> before I commit all the changes...
>
> These are the two overall changes, copy and paste from my notes.
>
> Added AuthenticationException to the commence method signature of the
> AuthenticationEntryPoint. The best example of this
> is the BasicProcessingFilterEntryPoint where the
> authException.getMessage() is used to send back an informative 401,
> instead of just the error code.
>
> Added AccessDeniedException to the sendAccessDeniedError method
> signature. The accessDeniedException.getMessage() result
> is used to send an informative 403 error back to the servletResponse by default.
>
> I've already made all the changes locally. Javadoc, tests, all the
> usual suspects. All tests pass.
>
> Pretty simple really.
>
> -Ray

Just to elaborate, the goal of adding AuthenticationException and 
AccessDeniedException to AuthenticationEntryPoint.commence and 
SecurityEnforcementFilter.sendAccessDeniedError respectively is so that 
HTTP response codes (eg 403/forbidden and 401/unauthorized) can be 
populated with a more detailed message if desired.

I suspect few people have written an AuthenticationEntryPoint, and even 
fewer who have subclassed SecurityEnforcementFilter, so the lack of 
backward compatibility I hope is not much of an issue. People can ignore 
the exception information if they want, and simply update their method 
signatures. The trade-off is probably worth it for more descriptive 
default error responses.

Any issues, please let the list know.
Best regards
Ben
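
A sketch of the changed commence signature discussed in this thread, added here as an illustration and not the project's own code. The interface and exception are local stand-ins for the Acegi types, and InformativeBasicEntryPoint, its sendReason flag and the reason() helper are hypothetical names.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Stand-in for the Acegi exception type named in the thread (assumption:
// declared locally so only the servlet API is needed to compile).
class AuthenticationException extends RuntimeException {
    AuthenticationException(String msg) { super(msg); }
}

// Stand-in for the entry point interface with the changed signature: the
// exception that triggered the entry point is now passed to commence().
interface AuthenticationEntryPoint {
    void commence(ServletRequest request, ServletResponse response,
                  AuthenticationException authException)
            throws IOException, ServletException;
}

// Hypothetical Basic-auth entry point, not the project's BasicProcessingFilterEntryPoint.
class InformativeBasicEntryPoint implements AuthenticationEntryPoint {
    private final String realmName;
    private final boolean sendReason; // false: status code only, ignoring the exception

    InformativeBasicEntryPoint(String realmName, boolean sendReason) {
        this.realmName = realmName;
        this.sendReason = sendReason;
    }

    public void commence(ServletRequest request, ServletResponse response,
                         AuthenticationException authException)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) response;
        http.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
        if (sendReason) {
            http.sendError(HttpServletResponse.SC_UNAUTHORIZED, reason(authException));
        } else {
            http.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    // The message may echo request data, so drop control characters
    // (CR/LF included) and cap the length before it reaches the response.
    static String reason(AuthenticationException e) {
        String msg = (e == null || e.getMessage() == null) ? "" : e.getMessage();
        msg = msg.replaceAll("\\p{Cntrl}", " ").trim();
        if (msg.isEmpty()) return "Authentication required";
        return msg.length() > 200 ? msg.substring(0, 200) : msg;
    }
}
```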