[jira] [Commented] (SLING-2762) AbstractSlingRepository#login violates JCR spec

Fri, 01 Mar 2013 07:09:15 -0800 

    [ 
https://issues.apache.org/jira/browse/SLING-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13590609#comment-13590609
 ] 

Felix Meschberger commented on SLING-2762:
------------------------------------------

> GuestCredentials

Remember this Sling implementations dates back to JCR 1 where there was no 
GuestCredentials and we never adapted this code.

> login(null) support

Thanks for the update. For Sling which wraps its own Repository wrapper around 
the actual Repository we can still implement the support.

As I tried to bring the discussion to the list, I propose replace the 
respective code with something similar to this:

    if (credentials == null) {
        if (!hasAccessControlContext || !hasSubject) {
            credentials = new GuestCredentials();
        }
    }

This allows for backwards compatibility (where generally there will be no 
AccessControlContext with a Subject) while at the same time allow for Subject 
based authentication.
                
> AbstractSlingRepository#login violates JCR spec
> -----------------------------------------------
>
>                 Key: SLING-2762
>                 URL: https://issues.apache.org/jira/browse/SLING-2762
>             Project: Sling
>          Issue Type: Bug
>          Components: JCR
>            Reporter: Antonio Sanso
>
> AbstractSlingRepository#login seems to violate the javax.jcr.Repository spec.
> The API [0] says
> " If credentials is null, it is assumed that authentication is handled by a 
> mechanism external to the repository itself (for example, through the JAAS 
> framework) and that the repository implementation exists within a context 
> (for example, an application server) that allows it to handle authorization 
> of the request for access to the specified workspace."
> while the implementation looks like
> {code}
> ...
> if (credentials == null) {
>     credentials = getAnonCredentials(this.anonUser);
> }
> ...
> {code}
> [0] 
> http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to