Details
- New Feature
- Status: Closed
- Major
- Resolution: Fixed
Description
AuthenticationHandler implementations currently can only return either DOING_AUTH or a concrete AuthenticationInfo object from the extractCredentials method. Sometimes the credentials provided in the request may not be valid and authentication handlers may want to force reauthentication instead of just letting the request pass through as an anonymous request.
Examples of such failures are the form-based authentication handler encountering an authentication cookie which has expired or the OpenID authentication handler encountering a failed OpenID authentication.
In such failure cases, the authentication handler should be able to provide this information to the Sling authenticator and allow the authenticator to restart the authentication procedure.
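The dispatch this request asks for, sketched as an added example that is not Sling's own code: a simplified stand-in for the handler interface in which a third marker value tells the authenticator to restart authentication instead of falling through to anonymous. The marker name `FAIL_AUTH`, the `CookieHandler` class, the `user:expiryMillis` cookie format and the returned strings are all assumptions made for illustration.

```java
import java.util.List;
// Simplified model, not the Sling API. FAIL_AUTH and CookieHandler are hypothetical.
public class FailAuthDemo {
    static final class AuthenticationInfo {
        static final AuthenticationInfo DOING_AUTH = new AuthenticationInfo(null);
        // Assumed marker: credentials were present in the request but are invalid.
        static final AuthenticationInfo FAIL_AUTH = new AuthenticationInfo(null);
        final String user;
        AuthenticationInfo(String user) { this.user = user; }
    }
    interface AuthenticationHandler {
        AuthenticationInfo extractCredentials(String cookie); // null: nothing to extract
        String requestCredentials();                          // starts a fresh login
    }
    // Constructed cookie format "user:expiryMillis"; integrity checks are omitted.
    static final class CookieHandler implements AuthenticationHandler {
        private final long now;
        CookieHandler(long now) { this.now = now; }
        public AuthenticationInfo extractCredentials(String cookie) {
            if (cookie == null) return null;
            String[] parts = cookie.split(":", 2);
            try {
                if (parts.length == 2 && !parts[0].isEmpty() && Long.parseLong(parts[1]) > now) {
                    return new AuthenticationInfo(parts[0]);
                }
            } catch (NumberFormatException e) {
                // Malformed expiry: handled as invalid credentials below.
            }
            return AuthenticationInfo.FAIL_AUTH; // expired or malformed: fail closed
        }
        public String requestCredentials() { return "302 /login"; }
    }

    // Authenticator loop: only a request with no credentials at all ends up anonymous.
    static String authenticate(List<AuthenticationHandler> handlers, String cookie) {
        for (AuthenticationHandler h : handlers) {
            AuthenticationInfo info = h.extractCredentials(cookie);
            if (info == null) continue; // this handler found nothing, try the next one
            if (info == AuthenticationInfo.DOING_AUTH) return "handler responded";
            if (info == AuthenticationInfo.FAIL_AUTH) return h.requestCredentials();
            return "user=" + info.user;
        }
        return "anonymous";
    }

    public static void main(String[] args) {
        List<AuthenticationHandler> handlers = List.of(new CookieHandler(1_000L));
        for (String cookie : new String[] {null, "alice:2000", "alice:500"}) {
            System.out.println(authenticate(handlers, cookie));
        }
    }
}
```

The marker values are compared by identity, so a handler cannot produce one by accident while building a normal `AuthenticationInfo`.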