[ https://issues.apache.org/jira/browse/JCR-3222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13194663#comment-13194663 ]
Jukka Zitting commented on JCR-3222: ------------------------------------ > This is wrong. That's what the HttpContext.handleSecurity() method does, right? It's needs to be able to take over the entire processing of a request. > By having a contextId service property a whiteboard servlet service can refer > to a whiteboard > HttpContext service which implements that method accordingly. You need some code to actually implement the HttpContext interface. That code could simply do request.setAttribute(SessionProvider.class.getName(), customSessionProvider) in the handleSecurity() method, right? I don't see why the SessionProvider instance would need to be an OSGi service in this case. Of course, if there is a case why some component would want to implement the SessionProvider interface without the ability to terminate request processing or to send a custom HTTP response, then I could see why accessing SessionProviders as OSGi services would be useful. In such a case though, we should support potentially more than just a single SessionProvider service and make sure that the releaseSession() calls get routed to the correct provider (which your current patch doesn't guarantee). > Allow servlet filters to specify custom session providers > --------------------------------------------------------- > > Key: JCR-3222 > URL: https://issues.apache.org/jira/browse/JCR-3222 > Project: Jackrabbit Content Repository > Issue Type: Improvement > Components: jackrabbit-jcr-server > Reporter: Jukka Zitting > Priority: Minor > Attachments: JCR-3222-fmeschbe.patch, > jackrabbit-jcr-server-2.6-SNAPSHOT.jar > > > In order to integrate the Jackrabbit davex server functionality with their > custom authentication logic, the Sling project currently needs to embed and > subclass the davex servlet classes. It would be cleaner if such tight > coupling wasn't needed. > One way to achieve something like that would be to allow external components > to provide a custom SessionProvider instance as an extra request attribute. > This way for example a servlet filter that implements such custom > authentication logic could easily make its functionality available to the > standard davex servlet in Jackrabbit. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira