Hi, On 01.10.2010 08:53, Ian Boston wrote: > > On 1 Oct 2010, at 07:31, Felix Meschberger wrote: > >>> >>> WDYT? >> >> Another point: Even though such filters don't have access to the full >> SlingHttpServletRequest/Response functionality it should be noted, that >> the request has already been authenticated and the ResourceResolver used >> for request processing is available to the CONTAINER filters. >> >> Regards >> Felix > > > Good point, > I guess its going to be hard to get the filter outside the handleSecuriy > without registering the filter with the web context, however that could > almost be arranged, > unfortunately I think doing that would bind to the flavour of Http Service as > there is no registerFilter in standard OSGi (AFAIK).
Yes, because the handleSecurity is called before the SlingMainServlet is called, kind of like a gate into the servlet. Actually, I would go as far as say, this is a feture of the CONTAINER filters, that the already act on an authenticated request (and might have the ResourceResolver...) Regards Felix