[ https://issues.apache.org/jira/browse/GERONIMO-4781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737969#action_12737969 ]

David Jencks commented on GERONIMO-4781:
----------------------------------------

I wrote a test to try to understand this better...   
framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/FlagsMeaningTest.java

The only time it makes a difference whether we return false or throw an 
exception is if the login module is marked REQUIRED or REQUISITE.  I'm really 
not sure how to proceed here.  I'm pretty sure it doesn't make a lot of 
difference because just about any desired behavior can be configured with the 
flags.

> Not getting the callbacks filled in means the login module should be ignored, 
> not an auth failure.
> -------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4781
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4781
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>
> I think our login modules have another problem.
> Suppose you have 2 login modules configured in a realm, either one of which 
> is sufficient to authenticate.  They use different kinds of callbacks.  
> Given a callback handler that accepts callbacks for one of the login modules 
> but not the other, we want the one that doesn't get the info it needs to just 
> say "I dunno" by returning false, not "login failure" by throwing an 
> exception.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
