Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 71975 invoked from network); 1 Aug 2009 23:22:36 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 1 Aug 2009 23:22:36 -0000 Received: (qmail 85623 invoked by uid 500); 1 Aug 2009 23:22:39 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 85522 invoked by uid 500); 1 Aug 2009 23:22:39 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 85513 invoked by uid 99); 1 Aug 2009 23:22:39 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 01 Aug 2009 23:22:39 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 01 Aug 2009 23:22:35 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id CD5E0234C046 for ; Sat, 1 Aug 2009 16:22:14 -0700 (PDT) Message-ID: <1307086586.1249168934840.JavaMail.jira@brutus> Date: Sat, 1 Aug 2009 16:22:14 -0700 (PDT) From: "David Jencks (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Commented: (GERONIMO-4781) Not getting the callbacks filled in means the logn module should be ignored, not an auth failure. In-Reply-To: <152890560.1249161376301.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/GERONIMO-4781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737969#action_12737969 ] David Jencks commented on GERONIMO-4781: ---------------------------------------- I wrote a test to try to understand this better... framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/realm/providers/FlagsMeaningTest.java The only time it makes a difference whether we return false or throw an exception is if the login module is marked REQUIRED or REQUISITE. I'm really not sure how to proceed here. I'm pretty sure it doesn't make a lot of difference because just about any desired behavior can be configured with the flags. > Not getting the callbacks filled in means the logn module should be ignored, not an auth failure. > ------------------------------------------------------------------------------------------------- > > Key: GERONIMO-4781 > URL: https://issues.apache.org/jira/browse/GERONIMO-4781 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 2.2 > Reporter: David Jencks > Assignee: David Jencks > Fix For: 2.2 > > > I think our loign module have another problem. > Suppose you have 2 login modules configured in a realm, either one of which is sufficitent to authenticate. They use different kinds of callbacks. Given a callback handler that accepts callbacks for one of the login mdoule but not the other, we want the one that doesn't get the info it needs to just say "I dunno" by returning false, not "login failure" by throwing an exception. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.