[ https://issues.apache.org/jira/browse/SLING-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13590609#comment-13590609 ]
Felix Meschberger commented on SLING-2762: ------------------------------------------ > GuestCredentials Remember this Sling implementations dates back to JCR 1 where there was no GuestCredentials and we never adapted this code. > login(null) support Thanks for the update. For Sling which wraps its own Repository wrapper around the actual Repository we can still implement the support. As I tried to bring the discussion to the list, I propose replace the respective code with something similar to this: if (credentials == null) { if (!hasAccessControlContext || !hasSubject) { credentials = new GuestCredentials(); } } This allows for backwards compatibility (where generally there will be no AccessControlContext with a Subject) while at the same time allow for Subject based authentication. > AbstractSlingRepository#login violates JCR spec > ----------------------------------------------- > > Key: SLING-2762 > URL: https://issues.apache.org/jira/browse/SLING-2762 > Project: Sling > Issue Type: Bug > Components: JCR > Reporter: Antonio Sanso > > AbstractSlingRepository#login seems to violate the javax.jcr.Repository spec. > The API [0] says > " If credentials is null, it is assumed that authentication is handled by a > mechanism external to the repository itself (for example, through the JAAS > framework) and that the repository implementation exists within a context > (for example, an application server) that allows it to handle authorization > of the request for access to the specified workspace." > while the implementation looks like > {code} > ... > if (credentials == null) { > credentials = getAnonCredentials(this.anonUser); > } > ... > {code} > [0] > http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira