Actually, just looked a little further -- it's not so much that
SecurityContext.authenticate() needs to throw an exception and we
therefore need an AuthenticationException to match the
AuthenticationStatus, it's more that the use of AuthenticationStatus
for HAM.validateRequest() and HAM.secureResponse() is inconsistent
with the fact that both methods throw AuthException.
I'd actually argue that the right fix here is to revert back to
AuthStatus for HAMs, since they're interacting directly with JASPIC
and there's no good reason to be converting back and forth, and do
the conversion from AuthStatus to AuthenticationStatus either in
getLastAuthenticationStatus() or -- if
SecurityContext.authenticate() is the only consumer of
getLastAuthenticationStatus() -- in setLastAuthenticationStatus().
The authenticate() method is the only API that needs it.
Will
On 07/07/2017 06:35 PM, Will Hopkins wrote:
How should I code this?
--
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803