[
https://issues.apache.org/jira/browse/SHINDIG-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12629355#action_12629355
]
Kevin Brown commented on SHINDIG-580:
-------------------------------------
Would it make more sense to have a chain of filters for auth rather than a
single filter? The standard filter programming model would allow exactly what
you need here, and I don't see any obvious disadvantages to doing it this way
other than the need to configure a few extra filters.
As a benefit, we could also eliminate the duplicated config between social-api
and gadgets.
> Authentication filter doesnt distinguish between no authentication and
> invalid authentication
> ---------------------------------------------------------------------------------------------
>
> Key: SHINDIG-580
> URL: https://issues.apache.org/jira/browse/SHINDIG-580
> Project: Shindig
> Issue Type: Improvement
> Components: Common Components (Java)
> Reporter: Louis Ryan
> Assignee: Louis Ryan
>
> The current mechanism implementation does'nt allow for the distinction
> between an unspecificed authentication mechanism and a specified but
> malformed one.
> Some authentication handlers may also need to initiate additional
> authentication steps via redirects & headers before allowing further access.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
