[
https://issues.apache.org/jira/browse/SLING-5448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler updated SLING-5448:
------------------------------------
Fix Version/s: Auth Core 1.4.10
> AuthenticationInfoPostProcessor javadoc misleading
> --------------------------------------------------
>
> Key: SLING-5448
> URL: https://issues.apache.org/jira/browse/SLING-5448
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.3.12
> Reporter: Alexander Klimetschek
> Assignee: Carsten Ziegeler
> Priority: Major
> Fix For: Auth Core 1.4.10
>
>
> Currently, the [AuthenticationInfoPostProcessor javadoc
> says|https://github.com/apache/sling/blob/4bc090c5f8cb8ec8d6b1674176978e9a5feff503/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java#L25-L29]:
> {quote}
> Service interface which allows bundles to modify the AuthenticationInfo
> object after authentication has been performed.
> {quote}
> But that's pretty misleading, as "after authentication" actually means "one
> AuthenticationHandler has returned an AuthenticationInfo" object, but does
> not include the resource provider creations (e.g. JCR repository login),
> which are often understood as part of authentication too.
> I suggest this instead:
> {quote}
> Service interface which allows bundles to modify the AuthenticationInfo
> object right after one authentication handler has returned it from
> extractCredentials() or for an anonymous AuthenticationInfo. It is called
> before the resource resolver is created and any authentication in the
> resource providers (such as JCR repository login) happens.
> As such it is useful to intercept responses from other AuthenticationHandlers
> and access or modify the AuthenticationInfo before they are actually used to
> create the resource resolver.
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
