Hi Ian, Actually since the proposed bundles are now integrated with the org.apache.sling.commons.auth changes, they no longer needed to have their own Login/Logout servlets. They simply use the Login/Logout servlets from the commons.auth bundle which are bound to the following paths:
LoginServlet: /system/sling/login LogoutServlet: /system/sling/logout Does that work for you? Regards, -Eric On Sun, Jan 24, 2010 at 10:33 AM, Ian Boston <[email protected]> wrote: > Would it be possible to put this all under /system/session/... or /_session > ? > > /session is used for content at times, we have tried to put non user > generated urls at /system/... or /_.... to avoid conflicts. > > Ian > > Sent from my iPhone > > > On 24 Jan 2010, at 17:18, "Eric Norman (JIRA)" <[email protected]> wrote: > > >> [ >> https://issues.apache.org/jira/browse/SLING-1116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel >> ] >> >> Eric Norman updated SLING-1116: >> ------------------------------- >> >> Attachment: (was: org.apache.sling.cookieauth.zip) >> >> FORM Based Authentication >>> ------------------------- >>> >>> Key: SLING-1116 >>> URL: https://issues.apache.org/jira/browse/SLING-1116 >>> Project: Sling >>> Issue Type: New Feature >>> Components: Extensions >>> Reporter: Eric Norman >>> Attachments: org.apache.sling.cookieauth.zip, >>> org.apache.sling.sessionauth.zip >>> >>> >>> This is a new bundle that provides an implementation of forms based >>> authentication for sling. >>> There are two servlets: >>> 1. LoginServlet - bound to /session/login >>> 2. LogoutServlet - bound to /session/logout >>> The FormAuthenticationHandler will use http basic auth credentials if >>> they are on the request. If there is no basic auth header, it will use >>> attempt to use cached credentials stored on the server side by the >>> LoginServlet. >>> The login form html is generated by a set of scripts >>> 1. login.html.esp - full login page (includes login_body.html.esp for >>> the form markup) >>> 2. login_body.html.esp - just the login form, which may be useful for >>> drawing the login form for an ajax context >>> 3. loginError.html.esp - full login-error page >>> 4. loginError_body.html.esp - just the login-error form, for login error >>> in ajax context >>> The above scripts are included as bundle-resources @ >>> /libs/sling/servlet/default >>> The bundle also has a couple of test scripts to show some examples of >>> usage: >>> 1. loginTest.html.esp - shows who is logged in and links to login or >>> logout >>> 2. loginTest2.html.esp - shows how a script can check permissions and >>> show a login page if the anonymous user doesn't have permission to see the >>> page, >>> Some examples of usage are: >>> 1. http://host:port/path/to/node.login.html - show the login page and >>> then goto http://host:port/path/to/node after authenticated >>> 2. http://host:port/path/to/node.login.html?s=.edit.html - show the >>> login page and then goto http://host:port/path/to/node.edit.html after >>> authenticated >>> 3. http://host:port/session/logout - invalidate the session and switch >>> back to anonymous user >>> >> >> -- >> This message is automatically generated by JIRA. >> - >> You can reply to this email to add a comment to the issue online. >> >>
