[
https://issues.apache.org/jira/browse/SLING-1314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12804776#action_12804776
]
Mike Müller commented on SLING-1314:
------------------------------------
I agree on the possible need of knowing the outcome of authentication after
providing authentication credentials.
But I think it's not very natural to register for the feedback on the returning
AuthenticationInfo object. IMHO AuthenticationInfo should be just what the name
promises - a plain data object.
Maybe we could insert this functionality by extend the new
AuthenticationHandlers interface (the decision to make it independent of the
old AuthenticationHandlers also was driven by the possibility of future
add-ons).
My second proposal (which I would prefer) would be to create the new proposed
AuthenticationFeedbackHandler interface and similar to the
AuthenticationHandler give the possibility to register it as service on a given
path. So a AuthenticationHandler can register himself also as
AuthenticationFeedbackHandler in the same step (if needed). If no
AuthenticationFeedbackHandler is registered at a given path the default
AuthenticationFeedbackHandler will be taken which would implement the default
behavour.
> Add support for login feedback from Authenticator to authentication handler
> ---------------------------------------------------------------------------
>
> Key: SLING-1314
> URL: https://issues.apache.org/jira/browse/SLING-1314
> Project: Sling
> Issue Type: New Feature
> Components: Commons
> Reporter: Felix Meschberger
>
> There might be situations (or AuthenticationHandlers, actually), desiring to
> get feedback on the outcome of authentication after providing authentication
> credentials. At the moment this "feedback" is limited to the case of failed
> login when the SlingAuthenticator calls back into the AuthenticationHandler
> to request credentials. But this is only indirect feedback in the failure
> case.
> I propose to extend the feedback transfer as follows:
> * Add AuthenticationFeedbackHandler interface with two methods:
> // called if authentication failed, handler is not expected to send
> response
> // since SlingAuthenticator will call requestCredentials
> void authenticationFailed(HttpServletRequest, HttpServletResponse,
> AuthenticationInfo)
> // called if authentication succeeded, handler may write into the
> response
> // particularly setting a cookie or the like is possible here
> void authenticationSucceeded(HttpServletRequest,
> HttpServletResponse, AuthenticationInfo)
> * Add two methods to the AuthenticationInfo class to pass in a feedback
> handler:
> // May be called by the AuthenticationHandler to request feedback
> on the authentication
> void setAuthenticationFeedbackHandler(AuthenticationFeedbackHandler)
> // forward to configured feedback handler, ignored if none
> void authenticationFailed(HttpServletRequest, HttpServletResponse)
> // forward to configured feedback handler or handle redirect
> request if none
> void authenticationSucceeded(HttpServletRequest,
> HttpServletResponse)
> * SlingAuthenticator calls the new AuthenticationInfo methods on success or
> failure after login
> * The default behaviour of the AuthenticationInfo.authenticationSucceeded
> is to redirect to a desired target. This moves the
> SlingAuthenticator.handleRedirect method to a (probably) new static method,
> which is called by the AuthenticationInfo class and which may also be called
> by any implementation of the AuthenticationFeedbackHandler.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
