Affects Version/s: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
Fix Version/s: None
Issue & fix info:Newcomer, Repro attached
Bug behavior facts:Security
Ideally no authentication attempt should be made because the user identifier is invalid.
E.g. with this URL
the connection attempt will correctly fail but only after the authentication mechanism is called.
If the application has installed its own UserAuthenticator class then that class will be called with an invalid identifier.
I believe that the connection request should fail before calling any authentication, developers should only be required
to handle valid identifiers.
|Field||Original Value||New Value|
|Component/s||Security [ 11411 ]|
|Component/s||Services [ 11415 ]|
|Issue & fix info||[Newcomer, Repro attached]|
|Workflow||jira [ 12405239 ]||Default workflow, editable Closed status [ 12802110 ]|