[
https://issues.apache.org/jira/browse/SLING-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hakim Sadikali updated SLING-1196:
----------------------------------
Attachment: SlingAuthenticator.java
Patched the SlingAuthenticator to add functionality
> Sling Authentication - SlingAuthenticator hides LoginFailure reason
> -------------------------------------------------------------------
>
> Key: SLING-1196
> URL: https://issues.apache.org/jira/browse/SLING-1196
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Affects Versions: Engine 2.0.6
> Reporter: Hakim Sadikali
> Attachments: SlingAuthenticator.java
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The SlingAuthenticator does not provide the handler with the reason a login
> failed, it only logs the reason and proceeds to try again:
> // request authentication information and send 403 (Forbidden)
> // if no handler can request authentication information.
> log.info("authenticate: Unable to authenticate: {}",
> reason.getMessage());
> log.debug("authenticate", reason);
> login(request, response);
> Applications often want to provide more detailed information to the end user,
> username not found, password does not match username etc.
> An easy solution would be to put the LoginException in the request for the
> login handler to have access to it, and then remove it after the login
> handler has processed the request - works but not particularly elegant.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
