On Tue, May 18, 2010 at 14:23, Clemens Wyss <[email protected]> wrote: > thanks for your reply, although I did read the javadoc ;-) > > The name of the method is extractCredentials, so I would expect it to do no > more than that. Either the credentials are in the request or they are not, > which is reflected in the return value. I was wondering in which case an auth > handler would want to manipulate the response. Any e.g.?
extractCredentials() sometimes needs to do more than just plain extraction, and this logic is not generic but depends on the specific authentication mechanism. Typically it might send some responses back to the client, while returning AuthenticationInfo.DOING_AUTH. The OpenID auth handler does that, for example: http://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java Regards, Alex -- Alexander Klimetschek [email protected]
