Ray Krueger wrote:

I spoke with Ben off-list on IM. We'd like some more input on this
before I commit all the changes...

These are the two overall changes, copy and paste from my notes.

Added AuthenticationException to the commence method signature of the
AuthenticationEntryPoint. The best example of this
is the BasicProcessingFilterEntryPoint where the
authException.getMessage() is used to send back an informative 401,
instead of just the error code.

Added AccessDeniedException to the sendAccessDeniedError method
signature. The accessDeniedException.getMessage() result
is used to send an informative 403 error back to the servletResponse by default.

I've already made all the changes locally. Javadoc, tests, all the
usual suspects. All tests pass.

Pretty simple really.

-Ray




Just to elaborate, the goal of adding AuthenticationException and AccessDeniedException to AuthenticationEntryPoint.commence and SecurityEnforcementFilter.sendAccessDeniedError respectively is so that HTTP response codes (e.g. 403/forbidden and 401/unauthorized) can be populated with a more detailed message if desired.

I suspect few people have written an AuthenticationEntryPoint, and even fewer have subclassed SecurityEnforcementFilter, so the lack of backward compatibility I hope is not much of an issue. People can ignore the exception information if they want, and simply update their method signatures. The trade-off is probably worth it for more descriptive default error responses.

Any issues, please let the list know.

Best regards
Ben

