[ https://issues.apache.org/jira/browse/SLING-1593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Müller updated SLING-1593: ------------------------------- Attachment: SLING-1593-postprocess-mykee.patch As discussed on the mailing list we abandon the idea of the CredentialsValdiator in favour of an extension to the existing AuthenticationInfoPostProcessor. I applied a patch. Unfortunately the exception has to be caught in handleSecurity, so we're not sure if the exception really comes from the post processing of AuthenticationInfo. Maybe we should at least check if a status code is set in the response and set it if missing? > Decouple authentication mechanism from JCR > ------------------------------------------ > > Key: SLING-1593 > URL: https://issues.apache.org/jira/browse/SLING-1593 > Project: Sling > Issue Type: Improvement > Components: Authentication > Reporter: Mike Müller > Assignee: Mike Müller > Fix For: Auth Core 1.0.0 > > Attachments: SLING-1593-fmeschbe.patch, > SLING-1593-postprocess-mykee.patch, sling-1593.patch, sling-1593b.patch, > sling-1593c.patch > > > Felix made a good proposal how to decouple the authentication mechanism from > JCR at [1] after the discussion at [2]. The remaining issue there was how to > ensure JCR sessions which are placed into AuthenticationInfo be closed. To > solve that issue we now can use the new SlingRequestListener [3]. > [1] https://cwiki.apache.org/SLING/user-authentication.html > [2] http://markmail.org/message/aovh7lll4w6uwepv > [3] https://issues.apache.org/jira/browse/SLING-1576 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.