[SLING-1293] Impersonation failure not handled properly - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Auth Core 1.0.0
Component/s: Authentication
Labels:
None

Description

If impersonation fails, the sling authenticator acts the same as if the primary authentication would fail, that is calling the login() method selecting an authentication handle to request credentials with.

This is unexpected behaviour and there is no indication, that impersonation failed but primary authentication succeeded.

It would be better to either disable impersonation after the failure (or to fail the request with a proper status, e.g. 403/FORBIDDEN).

Attachments

Activity

People

Assignee:: Felix Meschberger

Reporter:: Felix Meschberger

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 19/Jan/10 08:52

Updated:: 27/Aug/10 08:50

Resolved:: 19/Jan/10 11:41