[
https://issues.apache.org/jira/browse/SHINDIG-580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul Lindner resolved SHINDIG-580.
----------------------------------
Resolution: Fixed
Fix Version/s: trunk
This is exactly what I was looking for.. It's important for hi5 because we
allow anon access. When that's the case the caller doesn't know if their token
has expired...
This works pretty well, but I have a feeling we're going to need something
PAM-like with controlflags (requried, sufficient, satisfied, optional) and all
the rest..
> Authentication filter doesnt distinguish between no authentication and
> invalid authentication
> ---------------------------------------------------------------------------------------------
>
> Key: SHINDIG-580
> URL: https://issues.apache.org/jira/browse/SHINDIG-580
> Project: Shindig
> Issue Type: Improvement
> Components: Common Components (Java)
> Reporter: Louis Ryan
> Assignee: Louis Ryan
> Fix For: trunk
>
> Attachments: BetterAuthErrorHandling.patch
>
>
> The current mechanism implementation does'nt allow for the distinction
> between an unspecificed authentication mechanism and a specified but
> malformed one.
> Some authentication handlers may also need to initiate additional
> authentication steps via redirects & headers before allowing further access.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
