Bump. How should we handle SHIRO-120?
Les https://issues.apache.org/jira/browse/SHIRO-120 On Thu, Jan 7, 2010 at 9:27 AM, Les Hazlewood <[email protected]> wrote: > To my 2nd point earlier: > > So now I should also create a SystemErrorAuthorizationException if > anything happens during authorization instead of authentication? How > about also creating a SystemErrorSessionException too? > > Doesn't that just sound awful? Replicating system hierarchies just be > just because of two or three different root parent classes? > > I think that system/data exceptions should be handled differently than > exceptions that occur due to a user action and should be represented > in a different hierarchy. > > - Les > > On Wed, Jan 6, 2010 at 5:31 PM, Jeremy Haile <[email protected]> wrote: >> It does if you create a subclass of AuthenticationException called >> SystemErrorAuthenticationException ;-) (or whatever) >> >> Les Hazlewood wrote: >>> >>> I think of those two exceptions and their hierarchies as representing >>> user-attributed "expected but not frequent" exceptions related to an >>> end-user's failure to authenticate or authorize properly - locked >>> account, incorrect password, etc. These kind of exceptions are a >>> totally different class of exceptions compared to data source failure. >>> >>> Then there is the issue that, if say a NamingException occurs in >>> either during authentication or authorization, it appears that we'd >>> have to create two separate Exceptions under each hierarchy >>> representing the same system-level problem. Not too ideal I don't >>> think. >>> >>> I don't think it is nice for example to just catch the problem and >>> throw as a generic AuthenticationException - this doesn't allow the >>> developer catching these exceptions to differentiate between >>> user-level problems and system-level problems. >>> >>> Thoughts? >>> >>> - Les >>> >>> On Wed, Jan 6, 2010 at 4:45 PM, Jeremy Haile<[email protected]> wrote: >>> >>>> >>>> Don't we already offer two hierarchies for this purpose? >>>> AuthenticationException and AuthorizationException >>>> >>>> >>>> Les Hazlewood wrote: >>>> >>>>> >>>>> This issue: >>>>> >>>>> https://issues.apache.org/jira/browse/SHIRO-120 >>>>> >>>>> raises a good point. We shouldn't be swallowing exceptions from >>>>> Realms anywhere. We should instead offer a nice Exception hierarchy >>>>> to allow end-users to react to problems. >>>>> >>>>> The best exception hierarchy I've seen exemplifying this is Spring's >>>>> DataAccessException and subclasses. >>>>> >>>>> Should we incorporate something similar? If so, any recommendations? >>>>> >>>>> - Les >>>>> >>>>> >> >
