[
https://issues.apache.org/jira/browse/SLING-3179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13868903#comment-13868903
]
Alexander Klimetschek commented on SLING-3179:
----------------------------------------------
{quote}this is how JAAS works{quote}
Yes. It seems quite complex and IMO we shouldn't use or advertise it very much
- it seems you can easily mess it up.
IIUC, this is for the use case of external authentication where the repository
needs to trust the outside. IMO this must be a config option in Jackrabbit and
by default off. And use LoginModule or the loginByService mechanism for pre
authentication.
> Implement solution to the Authentication Handler Credential Validation Problem
> ------------------------------------------------------------------------------
>
> Key: SLING-3179
> URL: https://issues.apache.org/jira/browse/SLING-3179
> Project: Sling
> Issue Type: Bug
> Components: API, JCR, ResourceResolver
> Affects Versions: JCR Base 2.1.2, API 2.4.2, Resource Resolver 1.0.6
> Reporter: Felix Meschberger
> Assignee: Antonio Sanso
> Attachments: SLING-3179.diff, SLING-3179.patch
>
>
> The proposal [Solving the Authentication Handler Credential Validation
> Problem|https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem]
> should be implemented.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
