[
https://issues.apache.org/jira/browse/SLING-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12779850#action_12779850
]
Felix Meschberger commented on SLING-1196:
------------------------------------------
Yes, makes sense, though I would not but the login exception as a whole but
rather the message of the exception (which may well be null !).
> Sling Authentication - SlingAuthenticator hides LoginFailure reason
> -------------------------------------------------------------------
>
> Key: SLING-1196
> URL: https://issues.apache.org/jira/browse/SLING-1196
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Affects Versions: Engine 2.0.6
> Reporter: Hakim Sadikali
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The SlingAuthenticator does not provide the handler with the reason a login
> failed, it only logs the reason and proceeds to try again:
> // request authentication information and send 403 (Forbidden)
> // if no handler can request authentication information.
> log.info("authenticate: Unable to authenticate: {}",
> reason.getMessage());
> log.debug("authenticate", reason);
> login(request, response);
> Applications often want to provide more detailed information to the end user,
> username not found, password does not match username etc.
> An easy solution would be to put the LoginException in the request for the
> login handler to have access to it, and then remove it after the login
> handler has processed the request - works but not particularly elegant.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
