Hi, On 21.01.2010 11:29, Thorsten Rössner wrote: > actually I am facing the authentication of an application. > I want to use the handleSecurity()-Method of the class SlingAuthenticator. > This works fine.
Great. And great to hear, this is of use to you ! > > I have different paths. Some should be accessed by anonymous, others > not. So I thought I use the sling.auth.requirements property to do this. > It works fine, if I add the paths in the configuration in the web > management console. > But it is not so comfortable, because the user has to interact. So I > read about the possibility to add this paths with an OSGi service. > > I created a service, that implements the AuthenticationHandler and > contains the property > @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" value="/bla" > The bind()-Method in the ServiceTracker of SlingAuthenticator is called > and the path is inserted into authHandlerCache. > > When I try to login as anonymous to /bla the path from my service gets > not checked in the method isAnonAllowed(), that tests the paths > anonymous can access , because it is not in the variable authRequiredCache. > > How can I add a path to the SlingAuthenticator via OSGi service, that it > is checked in the anonymous login process? > Could it be an missing insert to the authRequiredCache? There are two properties: * The "path" property (AuthenticationHandler.PATH_PROPERTY) defines the area where the authentication handler is responsible and where it is called in the case of extractCredentials, requestCredentials, and dropCredentials. * The "sling.auth.requirements" property defines a list of paths for which it should be defined, whether authentication would be required or not. Both properties are handled completely separatly by the Sling Authenticator. Thus to register an Authenticationhandler responsible for an area of the URL space *and* also forcing authentication for that area, you have to set both properties in the handler. In fact the Sling Authenticator listens for *all* services registered with a "sling.auth.requirements" registration property and sets its authentication requirements accordingly. So, a LoginServlet could for example register its own path to prevent authentication when calling that servlet. Hope this helps. Regards Felix > > Thanks for your help. > > Thorsten > >
