jackrabbit-oak-issues mailing list archives

From Dominique Jäggi (JIRA) <j...@apache.org>
Subject [jira] [Updated] (OAK-1942) UserAuthentication: enhance login states with relevant exceptions
Date Thu, 03 Jul 2014 12:12:24 GMT

     [ https://issues.apache.org/jira/browse/OAK-1942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dominique Jäggi updated OAK-1942:

    Attachment: OAK-1942_-_UserAuthentication_enhance_login_states_with_relevant_exceptions.patch

attaching first suggestion as patch [^OAK-1942_-_UserAuthentication_enhance_login_states_with_relevant_exceptions.patch],
[~anchela], please have a look :)

> UserAuthentication: enhance login states with relevant exceptions
> -----------------------------------------------------------------
>                 Key: OAK-1942
>                 URL: https://issues.apache.org/jira/browse/OAK-1942
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0, 1.0.1
>            Reporter: Dominique Jäggi
>            Priority: Minor
>             Fix For: 1.1
>         Attachments: OAK-1942_-_UserAuthentication_enhance_login_states_with_relevant_exceptions.patch
> Currently _UserAuthentication_ throws generalized _LoginException_s upon encountering
> certain login states: user is disabled, user is a group.
> Additionally, upon encountering a userId/password mismatch, no exception is thrown but
> instead false is returned (causing the login module to again throw a LoginException). This
> is contrary to the API contract of the _authenticate_ method, which states "true if the validation
> was successful; false if the specified credentials are not supported and this authentication
> implementation cannot verify their validity." A userId/password mismatch means that the credentials
> are supported and *have been* verified and found invalid.
> I therefore suggest detailing the login states and fixing the contract issue by throwing relevant
> exceptions (e.g. _AccountNotFoundException_, _FailedLoginException_, et al).
> Through the exceptions, consumers can react to various login states in a more detailed
> fashion and support the user through differentiated processes.
> Deeper analysis of how this affects various login modules may be required, with corresponding
> test coverage.

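The following is an added example, not code from the attached patch or from Jackrabbit Oak, showing what an `authenticate` method looks like once it follows the contract quoted in the issue: return `false` only for a credential type it does not understand, return `true` on a verified match, and throw a specific `javax.security.auth.login.LoginException` subclass for each verified failure state (unknown user, group, disabled user, wrong password). All types here are hypothetical stand-ins; `PasswordCredentials`/`TokenCredentials` play the role of `javax.jcr.SimpleCredentials` and another credential type, `Account` is an in-memory user store, and the sample accounts in `main` are constructed for the demonstration. Oak's real `Authentication` and `UserAuthentication` classes differ in their signatures.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

/** Added example (hypothetical, not Oak code): login states mapped to specific exceptions. */
public class LoginStates {

    /** Stand-in for javax.jcr.Credentials. */
    interface Credentials {}

    /** Stand-in for javax.jcr.SimpleCredentials: a userId plus password. */
    record PasswordCredentials(String userId, char[] password) implements Credentials {}

    /** A credential type this authenticator cannot judge (e.g. a token). */
    record TokenCredentials(String token) implements Credentials {}

    /** Minimal stored account; salt and hash are produced by pbkdf2() below. */
    record Account(byte[] salt, byte[] hash, boolean disabled, boolean group) {}

    private static final int ITERATIONS = 200_000;
    private final Map<String, Account> accounts = new HashMap<>();

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    void addAccount(String id, String password, boolean disabled, boolean group) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        accounts.put(id, new Account(salt, pbkdf2(password.toCharArray(), salt), disabled, group));
    }

    /**
     * Contract as quoted in OAK-1942:
     *   true  - credentials are supported and were verified to be valid
     *   false - credentials are not supported; this implementation cannot verify them
     *   throws LoginException - credentials are supported, were verified, and are invalid;
     *           the subclass tells the caller which login state was hit
     */
    boolean authenticate(Credentials credentials) throws LoginException {
        if (!(credentials instanceof PasswordCredentials pc)) {
            return false;                       // unsupported type: another module may handle it
        }
        Account account = accounts.get(pc.userId());
        if (account == null) {
            throw new AccountNotFoundException("user not found: " + pc.userId());
        }
        if (account.group()) {
            throw new FailedLoginException("not a user account: " + pc.userId());
        }
        if (account.disabled()) {
            throw new AccountLockedException("user is disabled: " + pc.userId());
        }
        byte[] candidate;
        try {
            candidate = pbkdf2(pc.password(), account.salt());
        } catch (Exception e) {
            throw new LoginException("password verification unavailable: " + e.getMessage());
        }
        // Constant-time compare. A mismatch is a *verified* failure, so it is thrown, not returned as false.
        if (!MessageDigest.isEqual(candidate, account.hash())) {
            throw new FailedLoginException("wrong password for: " + pc.userId());
        }
        return true;
    }

    static String label(Credentials c) {
        return c instanceof PasswordCredentials pc ? "password(" + pc.userId() + ")" : c.getClass().getSimpleName();
    }

    public static void main(String[] args) throws Exception {
        LoginStates auth = new LoginStates();
        // constructed sample accounts: an active user, a disabled user, and a group
        auth.addAccount("alice", "correct horse", false, false);
        auth.addAccount("bob", "x", true, false);
        auth.addAccount("editors", "unused", false, true);

        Credentials[] attempts = {
            new PasswordCredentials("alice", "correct horse".toCharArray()),
            new PasswordCredentials("alice", "wrong".toCharArray()),
            new PasswordCredentials("carol", "whatever".toCharArray()),
            new PasswordCredentials("bob", "x".toCharArray()),
            new PasswordCredentials("editors", "unused".toCharArray()),
            new TokenCredentials("abc"),
        };
        for (Credentials c : attempts) {
            try {
                System.out.println(label(c) + " -> " + (auth.authenticate(c) ? "OK" : "unsupported"));
            } catch (AccountNotFoundException | AccountLockedException e) {
                // the calling login module can now tell these states apart from a bad password
                System.out.println(label(c) + " -> " + e.getClass().getSimpleName() + ": " + e.getMessage());
            } catch (LoginException e) {
                System.out.println(label(c) + " -> " + e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
    }
}
```

One caveat for whoever consumes these exceptions: the distinction between `AccountNotFoundException` and `FailedLoginException` is useful inside the repository (logging, lockout counters, guiding an administrator), but if it is surfaced verbatim to a remote client it tells an attacker which user IDs exist. The login module or the layer facing the network should collapse the detailed states into one generic failure for the end user while keeping the specific exception for internal handling.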