[
https://issues.apache.org/jira/browse/SLING-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-1375:
-------------------------------------
Component/s: Authentication
(was: Commons)
> Allow authentication handlers to return information about failed
> authentication extraction
> ------------------------------------------------------------------------------------------
>
> Key: SLING-1375
> URL: https://issues.apache.org/jira/browse/SLING-1375
> Project: Sling
> Issue Type: New Feature
> Components: Authentication
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Auth Core 1.0.0
>
>
> AuthenticationHandler implementations currently can only return either
> DOING_AUTH or a concrete AuthenticationInfo object from the
> extractCredentials method. Sometimes the credentials provided in the request
> may not be valid and authentication handlers may want to force
> reauthentication instead of just letting the request pass through as an
> anonymous request.
> Examples of such failures are the form based authentication handler
> encountering an authentication cookie which has expired or the OpenID
> authentication handler encountering a failed OpenID authentication.
> In such failure cases the authentication handler should be able to provide
> this information to the sling authenticator and allow the authenticator to
> restart the authentication procedure.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
