[jira] Commented: (SLING-1593) Decouple authentication mechanism from JCR

Fri, 09 Jul 2010 02:17:51 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-1593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12886658#action_12886658
 ] 

Ian Boston commented on SLING-1593:
-----------------------------------

IIUC this removes the need to add a LoginModulePlugin with each new form of 
external authentication since the authentication is provided by the 
Credentials.validate interface.

Although this wil work, I am not certain how it will impact other areas which 
have some fundamental bindings.

1. If you want to talk about the user in any ACL's the principal must be 
resolvable from userID <=> Principal since thats the way the 
AccessContronProvider works both during resolution and when modifying an ACE.

2. If the user is going to take part in any Group membership, then they have to 
be a JCR User managed by the Jackrabbit UserManager since membership is defined 
as jcr references and bound to UserImpl and GroupImpl.


So even if we do remove the AuthN to JCR Binding for Slng, if JCR in the form 
of Jackrabbit is present the binding is still there if the user is going to do 
anything related to AuthZ.


Having said that, the change looks like a step in the right direction.



> Decouple authentication mechanism from JCR
> ------------------------------------------
>
>                 Key: SLING-1593
>                 URL: https://issues.apache.org/jira/browse/SLING-1593
>             Project: Sling
>          Issue Type: Improvement
>          Components: API, Commons
>            Reporter: Mike Müller
>
> Felix made a good proposal how to decouple the authentication mechanism from 
> JCR at [1] after the discussion at [2]. The remaining issue there was how to 
> ensure JCR sessions which are placed into AuthenticationInfo be closed. To 
> solve that issue we now can use the new SlingRequestListener [3].
> [1] https://cwiki.apache.org/SLING/user-authentication.html
> [2] http://markmail.org/message/aovh7lll4w6uwepv
> [3] https://issues.apache.org/jira/browse/SLING-1576

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to