[
https://issues.apache.org/jira/browse/SLING-1593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Müller updated SLING-1593:
-------------------------------
Attachment: SLING-1593-postprocess-mykee.patch
As discussed on the mailing list we abandon the idea of the
CredentialsValdiator in favour of an extension to the existing
AuthenticationInfoPostProcessor.
I applied a patch.
Unfortunately the exception has to be caught in handleSecurity, so we're not
sure if the exception really comes from the post processing of
AuthenticationInfo. Maybe we should at least check if a status code is set in
the response and set it if missing?
> Decouple authentication mechanism from JCR
> ------------------------------------------
>
> Key: SLING-1593
> URL: https://issues.apache.org/jira/browse/SLING-1593
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Reporter: Mike Müller
> Assignee: Mike Müller
> Fix For: Auth Core 1.0.0
>
> Attachments: SLING-1593-fmeschbe.patch,
> SLING-1593-postprocess-mykee.patch, sling-1593.patch, sling-1593b.patch,
> sling-1593c.patch
>
>
> Felix made a good proposal how to decouple the authentication mechanism from
> JCR at [1] after the discussion at [2]. The remaining issue there was how to
> ensure JCR sessions which are placed into AuthenticationInfo be closed. To
> solve that issue we now can use the new SlingRequestListener [3].
> [1] https://cwiki.apache.org/SLING/user-authentication.html
> [2] http://markmail.org/message/aovh7lll4w6uwepv
> [3] https://issues.apache.org/jira/browse/SLING-1576
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
