jackrabbit-oak-issues mailing list archives

From Dominique Jäggi (JIRA) <j...@apache.org>
Subject [jira] [Created] (OAK-1942) UserAuthentication: enhance login states with relevant exceptions
Date Thu, 03 Jul 2014 12:10:24 GMT
Dominique Jäggi created OAK-1942:
------------------------------------

             Summary: UserAuthentication: enhance login states with relevant exceptions
                 Key: OAK-1942
                 URL: https://issues.apache.org/jira/browse/OAK-1942
             Project: Jackrabbit Oak
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.0.1, 1.0
            Reporter: Dominique Jäggi
            Priority: Minor
             Fix For: 1.1


Currently _UserAuthentication_ throws generalized _LoginException_s upon encountering certain
login states: user is disabled, user is a group. 

Additionally, upon encountering a userId/password mismatch, no exception is thrown but instead
false is returned (causing the login module to again throw a LoginException). This is contrary
to the API contract of the _authenticate_ method which states "true if the validation was
successful; false if the specified credentials are not supported and this authentication implementation
cannot verify their validity.". A userId/password mismatch means that the credentials are
supported and *have been* verified and found invalid.

I therefore suggest detailing login states and fixing the contract issue by throwing relevant
exceptions (e.g. _AccountNotFoundException_, _FailedLoginException_, et al).

Through the exceptions consumers can react to various login states in a more detailed fashion
and support the user through differentiated processes.

Deeper analysis of how this affects various login modules may be required with corresponding
test coverage.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
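
An added example (not part of the issue and not Oak's code) of the contract the report asks for: `true` on success, `false` only for unsupported credentials, and a specific `javax.security.auth.login` exception for every verified failure, so a consumer can tell the states apart. The `Authenticator` interface, the in-memory accounts and the use of `AccountLockedException` for a disabled user are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class LoginStates {
    // Hypothetical stand-in for the authenticate contract quoted in the issue.
    interface Authenticator {
        /** @return true if validated; false if this credentials type is not supported. */
        boolean authenticate(Object credentials) throws LoginException;
    }

    record UserPass(String userId, String password) {}
    record Account(String password, boolean disabled) {}
    enum State { SUCCESS, UNSUPPORTED, NO_SUCH_ACCOUNT, DISABLED, BAD_PASSWORD, OTHER_FAILURE }

    // Constructed sample accounts; a real store holds salted password hashes, not plaintext.
    static final Map<String, Account> ACCOUNTS = Map.of(
            "alice", new Account("s3cret", false),
            "bob", new Account("hunter2", true));

    static final Authenticator AUTH = credentials -> {
        if (!(credentials instanceof UserPass up)) return false; // unsupported: another handler may try
        Account a = ACCOUNTS.get(up.userId());
        if (a == null) throw new AccountNotFoundException("unknown user");
        if (a.disabled()) throw new AccountLockedException("user is disabled");
        boolean match = MessageDigest.isEqual(                   // constant-time comparison
                a.password().getBytes(StandardCharsets.UTF_8),
                up.password().getBytes(StandardCharsets.UTF_8));
        if (!match) throw new FailedLoginException("password mismatch"); // verified and found invalid
        return true;
    };

    // Consumer side: each login state is distinguishable without parsing exception messages.
    static State classify(Object credentials) {
        try {
            return AUTH.authenticate(credentials) ? State.SUCCESS : State.UNSUPPORTED;
        } catch (AccountNotFoundException e) { return State.NO_SUCH_ACCOUNT;
        } catch (AccountLockedException e) { return State.DISABLED;
        } catch (FailedLoginException e) { return State.BAD_PASSWORD;
        } catch (LoginException e) { return State.OTHER_FAILURE; }
    }

    public static void main(String[] args) {
        System.out.println(classify(new UserPass("alice", "s3cret"))); // SUCCESS
        System.out.println(classify(new UserPass("alice", "wrong")));  // BAD_PASSWORD
        System.out.println(classify(new UserPass("bob", "hunter2")));  // DISABLED
        System.out.println(classify("opaque-token"));                  // UNSUPPORTED
    }
}
```

How much of the resulting state is shown to an unauthenticated caller, as opposed to being logged server-side, remains a separate decision for the consumer.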
