Re: How to bind session to a newly logged in session
I tried that ?sling:authRequestLogin but since anonymous does not have read access to that node I get a 404. The problem is even when I log into the CRX content explorer with a username that has access to my node, I still get a 404 if I try to surf it as this user. How can I make the authentication from CRX sticky to the rest of my site? On Feb 12, 2009, at 1:06 AM, Douglas José wrote: ?sling:authRequestLogin
Re: How to bind session to a newly logged in session
Hi Josh, Joshua Oransky schrieb: I tried that ?sling:authRequestLogin but since anonymous does not have read access to that node I get a 404. The problem is even when I log into the CRX content explorer with a username that has access to my node, I still get a 404 if I try to surf it as this user. How can I make the authentication from CRX sticky to the rest of my site? Is Safari your browser ? In this case, we have a known issue with the HTTP Authenticator at the moment, because Safari does not cache the HTTP Credentials after the XHR request. One solution might be to use cookies instead of the standard authentication header, but I have to admit, this is kind of problematic. Regards Felix On Feb 12, 2009, at 1:06 AM, Douglas José wrote: ?sling:authRequestLogin
Re: How to bind session to a newly logged in session
Hello Joshua, You can authenticate the JCR session by adding the parameter sling:authRequestLogin (details in [1]) to a request. So, for instance, you can access your content with the URL http://localhost:/content/mynode.html?sling:authRequestLogin and the user will be prompted by credentials, which will be used to login to the JCR session. Then you can use the access control features of JCR (Section 6.9 of the specification) to prevent unauthorized access to your resource without proper authentication. Kind regards, Douglas [1] https://svn.apache.org/repos/asf/incubator/sling/trunk/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java On Mon, Feb 9, 2009 at 21:36, Joshua Oransky cazza...@gmail.com wrote: Hello, I am logging in users via the Repository.login method which returns me a JCR session. How do I bind this new authorized session so that if I call currentNode.getSession() it returns me the authorized one and not the anonymous one from before? Or do I have to store the JCR session in an HTTP session? Thanks - Josh -- Douglas Jose http://douglasjose.com - Use free software. Help us make a free world.
Re: How to bind session to a newly logged in session
Hi Josh, Joshua Oransky schrieb: I am logging in users via the Repository.login method which returns me a JCR session. How do I bind this new authorized session so that if I call currentNode.getSession() it returns me the authorized one and not the anonymous one from before? Or do I have to store the JCR session in an HTTP session? There is no HttpSession in Sling. But when you say I am logging in users, I assume your are _not_ using Sling's authenticator, which logs in users based on information returned from the authentication handler(s), right ? If you want your useers to authenticate and the respective Session be used for Sling, I suggest you implement and register an AuthenticationHandler, which is used by the SlingAuthenticator to extract the credentials such that the SlingAuthenticator can then login. Regards Felix
