[
https://issues.apache.org/jira/browse/JCR-3222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13194663#comment-13194663
]
Jukka Zitting commented on JCR-3222:
------------------------------------
> This is wrong.
That's what the HttpContext.handleSecurity() method does, right? It's needs to
be able to take over the entire processing of a request.
> By having a contextId service property a whiteboard servlet service can refer
> to a whiteboard
> HttpContext service which implements that method accordingly.
You need some code to actually implement the HttpContext interface. That code
could simply do request.setAttribute(SessionProvider.class.getName(),
customSessionProvider) in the handleSecurity() method, right? I don't see why
the SessionProvider instance would need to be an OSGi service in this case.
Of course, if there is a case why some component would want to implement the
SessionProvider interface without the ability to terminate request processing
or to send a custom HTTP response, then I could see why accessing
SessionProviders as OSGi services would be useful. In such a case though, we
should support potentially more than just a single SessionProvider service and
make sure that the releaseSession() calls get routed to the correct provider
(which your current patch doesn't guarantee).
> Allow servlet filters to specify custom session providers
> ---------------------------------------------------------
>
> Key: JCR-3222
> URL: https://issues.apache.org/jira/browse/JCR-3222
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-jcr-server
> Reporter: Jukka Zitting
> Priority: Minor
> Attachments: JCR-3222-fmeschbe.patch,
> jackrabbit-jcr-server-2.6-SNAPSHOT.jar
>
>
> In order to integrate the Jackrabbit davex server functionality with their
> custom authentication logic, the Sling project currently needs to embed and
> subclass the davex servlet classes. It would be cleaner if such tight
> coupling wasn't needed.
> One way to achieve something like that would be to allow external components
> to provide a custom SessionProvider instance as an extra request attribute.
> This way for example a servlet filter that implements such custom
> authentication logic could easily make its functionality available to the
> standard davex servlet in Jackrabbit.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
