geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4781) Not getting the callbacks filled in means the logn module should be ignored, not an auth failure.
Date Sat, 01 Aug 2009 23:22:14 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737969#action_12737969
] 

David Jencks commented on GERONIMO-4781:
----------------------------------------

I wrote a test to try to understand this better...   framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/FlagsMeaningTest.java

The only time it makes a difference whether we return false or throw an exception is if the
login module is marked REQUIRED or REQUISITE.  I'm really not sure how to proceed here.  I'm
pretty sure it doesn't make a lot of difference because just about any desired behavior can
be configured with the flags.

> Not getting the callbacks filled in means the logn module should be ignored, not an auth
failure.
> -------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4781
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4781
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>
> I think our loign module have another problem.
> Suppose you have 2 login modules configured in a realm, either one of which is sufficitent
to authenticate.  They use different kinds of callbacks.  Given a callback handler that accepts
callbacks for one of the login mdoule but not the other, we want the one that doesn't get
the info it needs to just say "I dunno" by returning false, not "login failure" by throwing
an exception.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message