thanks for your reply, although I did read the javadoc ;-) The name of the method is extractCredentials, so I would expect it to do no more than that. Either the credentials are in the request or they are not, which is reflected in the return value. I was wondering in which case an auth handler would want to manipulate the response. Any e.g.?
> -----Original Message----- > From: Alexander Klimetschek [mailto:[email protected]] > Sent: Tuesday, May 18, 2010 12:39 PM > To: [email protected] > Subject: Re: why does AuthenticationHandler#extractCredentials require > the HttpServletResponse parameter? > > > On Tue, May 18, 2010 at 10:34, Clemens Wyss > <[email protected]> wrote: > > in which use case is the (HTTPServlet)response of relevance > for extracting the credentials? > > See the javadoc of that argument: > > "The response object which may be used to send the information on the > request failure to the user." > > Regards, > Alex > > -- > Alexander Klimetschek > [email protected] >
