[
https://issues.apache.org/jira/browse/SLING-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved SLING-1196.
--------------------------------------
Assignee: Felix Meschberger
Resolution: Won't Fix
So we resolve this issue as won't fix in light of the solution implemented with
SLING-1783
> Sling Authentication - SlingAuthenticator hides LoginFailure reason
> -------------------------------------------------------------------
>
> Key: SLING-1196
> URL: https://issues.apache.org/jira/browse/SLING-1196
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Reporter: Hakim Sadikali
> Assignee: Felix Meschberger
> Attachments: SlingAuthenticator.java
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The SlingAuthenticator does not provide the handler with the reason a login
> failed, it only logs the reason and proceeds to try again:
> // request authentication information and send 403 (Forbidden)
> // if no handler can request authentication information.
> log.info("authenticate: Unable to authenticate: {}",
> reason.getMessage());
> log.debug("authenticate", reason);
> login(request, response);
> Applications often want to provide more detailed information to the end user,
> username not found, password does not match username etc.
> An easy solution would be to put the LoginException in the request for the
> login handler to have access to it, and then remove it after the login
> handler has processed the request - works but not particularly elegant.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
