Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 324505

Summary: Request.login method must throw ServletException if it cant login.
Product: [RT] Jetty Reporter: David Jencks <david.a.jencks>
Component: serverAssignee: Jan Bartel <janb>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: eclipse-bugs.20.scyt, janb, jetty-inbox, mgorovoy
Version: 8.0.0   
Target Milestone: 7.1.x   
Hardware: PC   
OS: Mac OS X - Carbon (unsup.)   
Whiteboard:

Description David Jencks CLA 2010-09-04 03:30:06 EDT 
Request.login method must either successfully newly log in the user or throw a ServletException.  In particular if there is no auth configured or the user is already logged in it must throw a servlet exception.
This does not appear to apply to jetty 7, there is no login method on Request there.
Comment 1 David Jencks CLA 2010-09-04 03:37:32 EDT 
Fixed rev 2250.  I included no message in the ServletException since I wonder about leaking information about security failures back to the client.
Comment 2 Michael Gorovoy CLA 2010-09-07 20:59:54 EDT 
Greg, for your review.
Comment 3 Sebastian Tusk CLA 2010-11-12 19:00:22 EST 
DeferredAuthentication.login isn't implemented. It would be nice having that working. In the meantime Request.login should throw ServletException every time instead of silently not working.
Comment 4 Jan Bartel CLA 2011-01-10 11:22:02 EST 
Sebastian, 

We've implemented Request.login() in jetty-8. See svn rev 2645. It would be great if you could test that in your setup.

thanks
Jan