...
Separating authentication from ResourceResolver access (amending Add ResourceResolverFactory Service Interface) (DRAFT NOT IMPLEMENTED)
Status: DRAFT NOT IMPLEMENTED
Created: 14. March 2010
Author: fmeschbe
JIRA: –
References: Merging Sling API and Commons Auth API
Update: – fmeschbe/27. September 2013
Update
This concept is not being implemented because in the meantime ResourceProviderFactory services have been introduced which can be flagged as being mandatory and thus validate credentials from authentication handlers. One such implementation is the JCR Resource Provider, which does exactly that and internally validates the credentials by creating a JCR Session.
Introduction
With the recent introduction of the Commons Auth Bundle and the current effort to remove its dependency on the JCR API, we are faced with the issue of how to authenticate the user of an HTTP request without binding the authentication mechanism to any data repository.
...
The JCR based ResourceResolverFactory.getResourceResolver(Map) knows about the CredentialValidator implementation and can make use of the Session object in the map to reuse the existing session.
Complete Steps
...
Authenticating HTTP Requests
Requests are authenticated as follows:
...