Eric Norman created SLING-7938:
----------------------------------
Summary: Add an option to prefer sending the reason_code as a
request parameter over the reason text when redirecting to the login page
Key: SLING-7938
URL: https://issues.apache.org/jira/browse/SLING-7938
Project: Sling
Issue Type: Improvement
Affects Versions: Form Based Authentication 1.0.10
Reporter: Eric Norman
Assignee: Eric Norman
Fix For: Form Based Authentication 1.0.12
Add a config option to the form authentication handler to prefer sending the
reason_code as a request parameter instead of the reason text when redirecting
to the login page.
Sending the reason code as a request parameter should be safer, especially if
your custom login page was echoing the reason text to the screen. The custom
login page script can then calculate the reason text to show in the UI by
matching the reason codes against the well-known failure reason codes and
fallback to some default reason text for anything invalid.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
