AuthenticationException -- checked or unchecked?


Will Hopkins
 

How should I code this?
-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803


Will Hopkins
 

Actually, just looked a little further -- it's not so much that SecurityContext.authenticate() needs to throw an exception and we therefore need an AuthenticationException to match the AuthenticationStatus, it's more that the use of AuthenticationStatus for HAM.validateRequest() and HAM.secureResponse() is inconsistent with the fact that both methods throw AuthException.

I'd actually argue that the right fix here is to revert back to AuthStatus for HAMs, since they're interacting directly with JASPIC and there's no good reason to be converting back and forth, and do the conversion from AuthStatus to AuthenticationStatus either in getLastAuthenticationStatus() or -- if SecurityContext.authenticate() is the only consumer of getLastAuthenticationStatus() -- in setLastAuthenticationStatus(). The authenticate() method is the only API that needs it.

Will

On 07/07/2017 06:35 PM, Will Hopkins wrote:
How should I code this?