[ https://issues.apache.org/jira/browse/SLING-1196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1196. -------------------------------------- Assignee: Felix Meschberger Resolution: Won't Fix So we resolve this issue as won't fix in light of the solution implemented with SLING-1783 > Sling Authentication - SlingAuthenticator hides LoginFailure reason > ------------------------------------------------------------------- > > Key: SLING-1196 > URL: https://issues.apache.org/jira/browse/SLING-1196 > Project: Sling > Issue Type: Improvement > Components: Authentication > Reporter: Hakim Sadikali > Assignee: Felix Meschberger > Attachments: SlingAuthenticator.java > > Original Estimate: 2h > Remaining Estimate: 2h > > The SlingAuthenticator does not provide the handler with the reason a login > failed, it only logs the reason and proceeds to try again: > // request authentication information and send 403 (Forbidden) > // if no handler can request authentication information. > log.info("authenticate: Unable to authenticate: {}", > reason.getMessage()); > log.debug("authenticate", reason); > login(request, response); > Applications often want to provide more detailed information to the end user, > username not found, password does not match username etc. > An easy solution would be to put the LoginException in the request for the > login handler to have access to it, and then remove it after the login > handler has processed the request - works but not particularly elegant. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.