Authentication Initiation
How to generalize initiation of the authentication process.
Status: DRAFT
Created: 21. April 2009
Author: fmeschbe
JIRA: SLING-938, SLING-939
References: Sling Dev: Refining the authentication process
Updated: -
Current State
Authentication processing is currently implemented using the following components:
...
Currently the AuthenticationHandler.requestAuthentication method is only called if an authentication request that was initiated from the client side, for example by submitting a form, has failed and must be reissued. With the new approach, this method may also be called to initiate authentication.
Non Goals
Logout
This concept is not about requesting "logout". To complement the authentication initiation process, which enables rendering authentication-handler-agnostic login buttons in some GUIs, it would likewise be interesting to provide a generic logout mechanism that allows rendering an authentication-handler-agnostic logout button.
Currently, the only way to implement a "logout" is to initiate another authentication process. This is of course the only way to "logout" when using plain HTTP Basic authentication. For other authentication schemes like OpenID or Single Sign-On solutions, the situation may be different and an actual "logout" mechanism may exist.
Non-JCR-centric AuthenticationInfo
This concept is not about modifying the AuthenticationInfo class, which is used by the AuthenticationHandler interface to give back the login credentials for the authenticator to actually log in. This is rather a matter for the general refactoring of the ResourceResolver access.
API extension
A new Authenticator interface is defined and exported in the org.apache.sling.engine bundle:
...