[MAGNOLIA-3104] Feedback for authorization failures Created: 03/Mar/10 Updated: 04/Nov/15 Resolved: 04/Nov/15 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 4.3 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major |
| Reporter: | Federico Grilli | Assignee: | Philipp Bärfuss |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||
| Date of First Response: | |||||||||
| Description |
|
Authorization failures issued by info.magnolia.cms.security.URISecurityFilter#isAuthorized are only logged at debug level. After failure a login form is shown to the user which says nothing about why access to a certain resource has been denied and rather let them think that something was wrong with their username/password. It would be nice to give visual feedback in the login form also for this kind of errors, as it is done for authentication failures (e.g. wrong password). |
| Comments |
| Comment by Michael Mühlebach [ 04/Nov/15 ] |
|
Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes. |