jackrabbit-oak-issues mailing list archives

From Dominique Jäggi (JIRA) <j...@apache.org>
Subject [jira] [Created] (OAK-1942) UserAuthentication: enhance login states with relevant exceptions
Date Thu, 03 Jul 2014 12:10:24 GMT
Dominique Jäggi created OAK-1942:

             Summary: UserAuthentication: enhance login states with relevant exceptions
                 Key: OAK-1942
                 URL: https://issues.apache.org/jira/browse/OAK-1942
             Project: Jackrabbit Oak
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.0.1, 1.0
            Reporter: Dominique Jäggi
            Priority: Minor
             Fix For: 1.1

Currently _UserAuthentication_ throws generalized _LoginException_s upon encountering certain
login states: user is disabled, user is a group. 

Additionally, upon encountering a userId/password mismatch, no exception is thrown but instead
false is returned (causing the login module to again throw a LoginException). This is contrary
to the API contract of the _authenticate_ method which states "true if the validation was
successful; false if the specified credentials are not supported and this authentication implementation
cannot verify their validity.". A userId/password mismatch means that the credentials are
supported and *have been* verified and found invalid.

I therefore suggest to detail login states and fix the contract issue by throwing relevant
exceptions (e.g. _AccountNotFoundException_, _FailedLoginException_, et al).

Through the exceptions consumers can react to various login states in a more detailed fashion
and support the user through differentiated processes.

Deeper analysis of how this affects various login modules may be required with corresponding
test coverage.

This message was sent by Atlassian JIRA
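
The three-way contract described in the issue above (true, false, or a specific exception), as an added example that is not part of the original message and not Oak code. The class, the record types, the sample accounts and the choice of exception for each state are assumptions for illustration; only the javax.security.auth.login exception classes are real. Assumes Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.login.*;

// Hypothetical stand-in for the authenticate contract; not Oak's UserAuthentication.
public class LoginStateDemo {
    record Account(String password, boolean disabled, boolean group) {}
    record PasswordCredentials(String userId, String password) {}

    // Constructed sample accounts; a real store keeps password hashes, not plaintext.
    static final Map<String, Account> ACCOUNTS = Map.of(
        "alice", new Account("correct-horse", false, false),
        "bob", new Account("hunter2", true, false),
        "editors", new Account("", false, true));

    // true: verified. false: credentials type not supported. Exception: verified and rejected.
    static boolean authenticate(Object credentials) throws LoginException {
        if (!(credentials instanceof PasswordCredentials pc)) return false; // another implementation may handle it
        Account account = ACCOUNTS.get(pc.userId());
        if (account == null) throw new AccountNotFoundException("unknown userId");
        if (account.group()) throw new AccountNotFoundException("id belongs to a group"); // assumed mapping
        if (account.disabled()) throw new AccountLockedException("user is disabled");     // assumed mapping
        byte[] expected = account.password().getBytes(StandardCharsets.UTF_8);
        byte[] supplied = pc.password().getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, supplied)) throw new FailedLoginException("userId/password mismatch");
        return true;
    }

    // Consumer side: each login state is distinguishable by exception type.
    // What an unauthenticated client is told about the state is a separate decision.
    static String loginState(Object credentials) {
        try {
            return authenticate(credentials) ? "SUCCESS" : "UNSUPPORTED_CREDENTIALS";
        } catch (AccountNotFoundException e) { return "NO_SUCH_USER";
        } catch (AccountLockedException e) { return "DISABLED";
        } catch (FailedLoginException e) { return "BAD_PASSWORD";
        } catch (LoginException e) { return "FAILED"; }
    }

    public static void main(String[] args) {
        System.out.println(loginState(new PasswordCredentials("alice", "correct-horse")));
        System.out.println(loginState(new PasswordCredentials("alice", "wrong")));
        System.out.println(loginState(new PasswordCredentials("bob", "hunter2")));
        System.out.println(loginState(new PasswordCredentials("editors", "")));
        System.out.println(loginState("an-api-token")); // not a PasswordCredentials
    }
}
```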