[
https://issues.apache.org/jira/browse/SLING-4?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger closed SLING-4.
---------------------------------
Resolution: Fixed
Implemented the proposed behaviour in Rev. 613168.
> AuthenticationFilter only logs RepositoryException, without rethrowing it
> -------------------------------------------------------------------------
>
> Key: SLING-4
> URL: https://issues.apache.org/jira/browse/SLING-4
> Project: Sling
> Issue Type: Improvement
> Components: Core
> Reporter: Felix Meschberger
>
> Currently org.apache.sling.core.impl.auth.AuthenticationFilter eats some
> exceptions, or more precisely only logs them, without rethrowing them.
> For example:
> } catch (RepositoryException re) {
>     log.error("Unable to authenticate: {}", re.getMessage());
> }
> At the application level this means that, if a Repository is not available,
> the user's login is refused as if a wrong password had been entered, without
> any mention of the Repository problem at the user level.
> I'm not sure about all the implications, but it might be good for
> AuthenticationFilter to rethrow more exceptions, to differentiate between
> pure authentication problems and other problems.
> I am not sure whether we want to throw implementation details such as a
> non-available repository into his face (remember those great sites, which
> present MS ODBC messages to the innocent user :-) )
> On the other hand something like a javax.servlet.UnavailableException might
> be useful - though this exception is intended to be thrown by the init
> method (IIRC). Only logging the message is not useful either.
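The distinction discussed in the issue, as an added example that is not Sling's AuthenticationFilter and not the change made in Rev. 613168: rejected credentials and an unavailable repository both fail closed, but get different responses, and backend details stay in the log. The class and method names, the 403 status for refused credentials, the reference id and the use of SLF4J are assumptions; it needs the JCR, Servlet and SLF4J APIs on the classpath.

```java
import java.io.IOException;
import java.util.UUID;
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Hypothetical helper for illustration; names are not taken from Sling.
public class LoginOutcomeExample {

    private static final Logger log =
        LoggerFactory.getLogger(LoginOutcomeExample.class);

    /**
     * Tries to log in. Returns the session on success, or null after an
     * error response has been sent. No session is ever handed out on error.
     */
    static Session login(Repository repository, Credentials creds,
            HttpServletResponse response) throws IOException {
        try {
            return repository.login(creds);
        } catch (LoginException le) {
            // Pure authentication problem: the repository is up and
            // rejected the credentials. LoginException is a subclass of
            // RepositoryException, so it has to be caught first.
            log.info("Login refused: {}", le.getMessage());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        } catch (RepositoryException re) {
            // Any other repository failure: not the user's fault. Keep the
            // stack trace in the log and give the user only a neutral
            // message plus a reference an operator can search for.
            String ref = UUID.randomUUID().toString();
            log.error("Repository failure during login, ref=" + ref, re);
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                "Service temporarily unavailable (ref " + ref + ")");
            return null;
        }
    }
}
```

With separate log levels and status codes, monitoring can alert on repository outages without counting them as failed logins.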