[ 
https://issues.apache.org/jira/browse/SLING-1314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12804939#action_12804939
 ] 

Felix Meschberger commented on SLING-1314:
------------------------------------------

I agree with your concerns, Mike.

And I think Carsten's compromise of taking the AuthenticationInfo out of the 
equation for API extension is just fine and very simple.

In fact, I think calling back the same AuthenticationHandler after successful 
or unsuccessful login as was used to extract the credentials in the first 
place is more appropriate than (potentially) calling back any feedback 
handler, which may even be unrelated.

> Add support for login feedback from Authenticator to authentication handler
> ---------------------------------------------------------------------------
>
>                 Key: SLING-1314
>                 URL: https://issues.apache.org/jira/browse/SLING-1314
>             Project: Sling
>          Issue Type: New Feature
>          Components: Commons
>            Reporter: Felix Meschberger
>
> There might be situations (or AuthenticationHandlers, actually), desiring to 
> get feedback on the outcome of authentication after providing authentication 
> credentials. At the moment this "feedback" is limited to the case of failed 
> login when the SlingAuthenticator calls back into the AuthenticationHandler 
> to request credentials. But this is only indirect feedback in the failure 
> case.
> I propose to extend the feedback transfer as follows:
>   * Add AuthenticationFeedbackHandler interface with two methods:
>           // called if authentication failed, handler is not expected to send response
>           // since SlingAuthenticator will call requestCredentials
>           void authenticationFailed(HttpServletRequest, HttpServletResponse, AuthenticationInfo)
>           // called if authentication succeeded, handler may write into the response
>           // particularly setting a cookie or the like is possible here
>           void authenticationSucceeded(HttpServletRequest, HttpServletResponse, AuthenticationInfo)
>   * Add two methods to the AuthenticationInfo class to pass in a feedback handler:
>           // May be called by the AuthenticationHandler to request feedback on the authentication
>           void setAuthenticationFeedbackHandler(AuthenticationFeedbackHandler)
>           // forward to configured feedback handler, ignored if none
>           void authenticationFailed(HttpServletRequest, HttpServletResponse)
>           // forward to configured feedback handler or handle redirect request if none
>           void authenticationSucceeded(HttpServletRequest, HttpServletResponse)
>   * SlingAuthenticator calls the new AuthenticationInfo methods on success or 
> failure after login
>   * The default behaviour of the AuthenticationInfo.authenticationSucceeded 
> is to redirect to a desired target. This moves the 
> SlingAuthenticator.handleRedirect method to a (probably) new static method, 
> which is called by the AuthenticationInfo class and which may also be called 
> by any implementation of the AuthenticationFeedbackHandler.
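
The callback arrangement favoured in the comment above, as an added example (not Sling code and not part of the original message): the authenticator reports the login outcome only to the handler that extracted the credentials. The Map-based request/response, FormHandler, the users table and the cookie values are stand-ins assumed for illustration.

```java
import java.util.*;
// Stand-in types for illustration only; this is not Sling's API.
public class FeedbackDemo {
    interface AuthenticationHandler {
        // Returns {user, password}, or null if this handler finds no credentials.
        String[] extractCredentials(Map<String, String> request);
    }
    // Optional callbacks, named after the methods proposed in the issue.
    interface AuthenticationFeedbackHandler {
        void authenticationFailed(Map<String, String> request, Map<String, String> response);
        void authenticationSucceeded(Map<String, String> request, Map<String, String> response);
    }
    // Hypothetical form handler that wants to know the login outcome.
    static class FormHandler implements AuthenticationHandler, AuthenticationFeedbackHandler {
        public String[] extractCredentials(Map<String, String> request) {
            String user = request.get("j_username");
            return user == null ? null : new String[] { user, request.get("j_password") };
        }
        public void authenticationFailed(Map<String, String> request, Map<String, String> response) {
            response.put("Set-Cookie", "login=; Max-Age=0"); // drop any stale login cookie
        }
        public void authenticationSucceeded(Map<String, String> request, Map<String, String> response) {
            response.put("Set-Cookie", "login=ok; HttpOnly; Secure"); // constructed value
        }
    }
    // Authenticator: only the handler that supplied the credentials gets the feedback.
    // The users map is a stand-in for the real repository login.
    static boolean authenticate(List<AuthenticationHandler> handlers, Map<String, String> users,
            Map<String, String> request, Map<String, String> response) {
        for (AuthenticationHandler handler : handlers) {
            String[] creds = handler.extractCredentials(request);
            if (creds == null) continue; // not this handler's request
            boolean ok = creds[1] != null && creds[1].equals(users.get(creds[0]));
            if (handler instanceof AuthenticationFeedbackHandler) {
                AuthenticationFeedbackHandler fb = (AuthenticationFeedbackHandler) handler;
                if (ok) fb.authenticationSucceeded(request, response);
                else fb.authenticationFailed(request, response);
            }
            return ok;
        }
        return false; // no handler found credentials, so nobody is called back
    }
    public static void main(String[] args) {
        Map<String, String> users = Map.of("alice", "constructed-password"); // constructed sample
        Map<String, String> response = new HashMap<>();
        boolean ok = authenticate(List.of(new FormHandler()), users,
                Map.of("j_username", "alice", "j_password", "constructed-password"), response);
        System.out.println(ok + " " + response);
    }
}
```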
