1. javaee-security-spec@javaee.groups.io
Topics

LoginToContinue forward support on error

Guillermo González de Agüero
 

Hi,

Reviewing the LoginToContinue annotation, it has a "useForwardToLogin" to specify whether a redirect or a forward should be used when the user requests a protected resource. However, behavior of the authentication error doesn't seem to be specified. Soteria always perform a redirect on this case [1].

I propose to replace "boolean useForwardToLogin" with "OperationType useForwardOn". OperationType (example name) will be an enum with the following values:
- LOGIN
- AUTHENTICATION_ERROR
- BOTH

To maintain current behavior, the dafault value would be "useForwardOn = LOGIN". For the error page, a redirect would be issued. I'd vote for a default value of BOTH anyway.

Another possibility is to add another property "useForwardOnError" but I'm not a fan of annotation with tons of properties.
Arjan Tijms
 

Hi,

We could indeed do something like that. It's a bit of a trade-off though, should we ever have additional pages to direct the user to, the enum as proposed would become awkward. Then again, how likely is it that we get additional pages?

Kind regards,
Arjan Tijms
Guillermo González de Agüero
 

Hi,

I already thought about that but I see very low possibilities that it happens. But in that event, this annotation will probably need to be deprecated in favor of a new more flexible one.

Another view is that annotations are just a convenient and simplified way of doing things. Other options may be offered in a programmatic style.


Regards,

Guillermo González de Agüero


El sáb., 27 de mayo de 2017 13:10, Arjan Tijms <arjan.tijms@...> escribió:
Hi,

We could indeed do something like that. It's a bit of a trade-off though, should we ever have additional pages to direct the user to, the enum as proposed would become awkward. Then again, how likely is it that we get additional pages?

Kind regards,
Arjan Tijms

1 - 3 of 3