Tynamo
  1. Tynamo
  2. TYNAMO-154

add FirstExceptionStrategy as the default AuthenticationStrategy for projects with multiple realms

    Details

    • Number of attachments :
      0

      Description

      After adding a new Realm to my project I've lost the ability to track
      granular login exceptions.
      When using only one Realm I'm able to catch and report
      UnknownAccountException, IncorrectCredentialsException and
      LockedAccountException, but when there is more than one Realm all
      exceptions are just plain AuthenticationException.

      This issue also affects the federated-accounts Realms. In my project I
      need to be able to differentiate between signups, signins and connect
      account callbacks, but no matter what exception I throw from my
      federate() method, all the exceptions get transformed into
      AuthenticationException without any trace of the original exception.

      After a lot of digging around I finally found the culprit. The
      AuthenticationStrategy !
      All the AuthenticationStrategy implementations for MultipleRealms
      completely ignore the exceptions. To workaround this I've implemented
      my own AuthenticationStrategy, called FirstExceptionStrategy, that
      works with multiple realms and throws the first exception it gets.
      This approach works fine as long as there is only one Realm per Token
      type.

      I think FirstExceptionStrategy should be the default
      AuthenticationStrategy for projects with multiple realms using the
      federated-accounts module.

        Activity

        Hide
        Alejandro Scandroli added a comment -


        fixed in r2374

        Show
        Alejandro Scandroli added a comment - fixed in r2374
        Hide
        Lenny Primak added a comment -

        Ahhh?..
        I am not much a complainer, but this issue has cost me a days' worth of work
        This should be turned on with a symbol by federated accounts,
        but be on by default in Tapestry-Security (without federated accounts)

        Show
        Lenny Primak added a comment - Ahhh?.. I am not much a complainer, but this issue has cost me a days' worth of work This should be turned on with a symbol by federated accounts, but be on by default in Tapestry-Security (without federated accounts)

          People

          • Assignee:
            Alejandro Scandroli
            Reporter:
            Alejandro Scandroli
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: