Dominique Jäggi created OAK-1942:
------------------------------------
Summary: UserAuthentication: enhance login states with relevant exceptions
Key: OAK-1942
URL: https://issues.apache.org/jira/browse/OAK-1942
Project: Jackrabbit Oak
Issue Type: Improvement
Components: security
Affects Versions: 1.0.1, 1.0
Reporter: Dominique Jäggi
Priority: Minor
Fix For: 1.1
Currently _UserAuthentication_ throws generalized _LoginException_s upon
encountering certain login states: user is disabled, user is a group.
Additionally, upon encountering a userId/password mismatch, no exception is
thrown but instead false is returned (causing the login module to again throw a
_LoginException_). This is contrary to the API contract of the _authenticate_
method, which states: "true if the validation was successful; false if the
specified credentials are not supported and this authentication implementation
cannot verify their validity." A userId/password mismatch means that the
credentials are supported and *have been* verified and found invalid.
I therefore suggest detailing the login states and fixing the contract issue by
throwing relevant exceptions (e.g. _AccountNotFoundException_,
_FailedLoginException_, et al.).
Through these exceptions, consumers can react to the various login states in a more
detailed fashion and support the user through differentiated processes.
Deeper analysis of how this affects the various login modules may be required, with
corresponding test coverage.
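An added sketch (not Oak's own code) of an _authenticate_ method that follows the contract quoted above, mapping each login state to a javax.security.auth.login exception instead of a bare false; the StoredAccount and AccountStore types are assumed stand-ins for Oak's user management.

```java
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import java.util.Arrays;

/** Hypothetical minimal view of a stored authorizable (constructed for this example). */
final class StoredAccount {
    final boolean isGroup;
    final boolean disabled;
    final char[] password; // a real store would hold a salted hash, not the password
    StoredAccount(boolean isGroup, boolean disabled, char[] password) {
        this.isGroup = isGroup; this.disabled = disabled; this.password = password;
    }
}

/** Hypothetical lookup; returns null when no authorizable with that id exists. */
interface AccountStore { StoredAccount lookup(String userId); }
final class DifferentiatedAuthentication {
    private final AccountStore store;
    DifferentiatedAuthentication(AccountStore store) { this.store = store; }
    /**
     * Contract as quoted in the issue: true if validation succeeded, false only
     * when the credentials are not supported here; every state that was verified
     * and rejected surfaces as a specific LoginException subclass.
     */
    boolean authenticate(Credentials credentials) throws LoginException {
        if (!(credentials instanceof SimpleCredentials)) {
            return false; // unsupported type: cannot be verified, so neither success nor failure
        }
        SimpleCredentials sc = (SimpleCredentials) credentials;
        StoredAccount account = store.lookup(sc.getUserID());
        if (account == null) {
            throw new AccountNotFoundException("No user with id " + sc.getUserID());
        }
        if (account.isGroup) {
            throw new LoginException("Authorizable is a group and cannot log in");
        }
        if (account.disabled) {
            throw new AccountLockedException("User account is disabled");
        }
        if (!Arrays.equals(account.password, sc.getPassword())) {
            throw new FailedLoginException("Password mismatch"); // verified and invalid: not 'false'
        }
        return true;
    }
}
```

A consumer that turns these exceptions into user-facing messages should collapse AccountNotFoundException and FailedLoginException into one generic response, since exposing the distinction reveals which user ids exist.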
--
This message was sent by Atlassian JIRA
(v6.2#6252)