[
https://issues.apache.org/jira/browse/SLING-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13846274#comment-13846274
]
Antonio Sanso commented on SLING-2762:
--------------------------------------
I'd be inclined to apply the patch included by [~fmeschbe] and [~anchela] in
https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem
namely
{code}
if (credentials == null) {
if (Subject.getSubject(AccessController.getContext()) != null) {
return getRepository().login(null, workspace);
} else {
// TODO: getAnonCredentials(this.anonUser) should not be used for
anonymous access
return getRepository().login(new GuestCredentials(), workspace);
}
} else {
return getRepository().login(credentials, workspace);
}
{code}
WDYT?
> AbstractSlingRepository#login violates JCR spec
> -----------------------------------------------
>
> Key: SLING-2762
> URL: https://issues.apache.org/jira/browse/SLING-2762
> Project: Sling
> Issue Type: Bug
> Components: JCR
> Reporter: Antonio Sanso
>
> AbstractSlingRepository#login seems to violate the javax.jcr.Repository spec.
> The API [0] says
> " If credentials is null, it is assumed that authentication is handled by a
> mechanism external to the repository itself (for example, through the JAAS
> framework) and that the repository implementation exists within a context
> (for example, an application server) that allows it to handle authorization
> of the request for access to the specified workspace."
> while the implementation looks like
> {code}
> ...
> if (credentials == null) {
> credentials = getAnonCredentials(this.anonUser);
> }
> ...
> {code}
> [0]
> http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
