[
https://issues.apache.org/jira/browse/SLING-1293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger closed SLING-1293.
------------------------------------
Close after release
> Impersonation failure not handled properly
> ------------------------------------------
>
> Key: SLING-1293
> URL: https://issues.apache.org/jira/browse/SLING-1293
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Auth Core 1.0.0
>
>
> If impersonation fails, the sling authenticator acts the same as if the
> primary authentication would fail, that is calling the login() method
> selecting an authentication handle to request credentials with.
> This is unexpected behaviour and there is no indication, that impersonation
> failed but primary authentication succeeded.
> It would be better to either disable impersonation after the failure (or to
> fail the request with a proper status, e.g. 403/FORBIDDEN).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
