Hi Juanjo,
Juan José Vázquez Delgado schrieb:
Hi Felix,
I propose to create a new service interface Authenticator, which is
implemented by the existing SlingAuthenticator class (both in the
o.a.sling.engine bundle). This interface has a requestAuthentication
method, which may be used to initiate authentication from within
servlets or scripts and have the requestAuthentication method of the
appropriate handler be called for the current request.
In addition, the sling:authRequestLogin parameter supported by the HTTP
Basic authentication handler should actually be handled by the
SlingAuthenticator. This enables any client to initiate authentication
by just specifying this parameter and have the SlingAuthenticator call
the requestAuthentication method of the appropriate handler be called
for the request.
I agree with your propossal and understand and share the reasons.
+1
Thanks.
In the other hand, and I hope this is not off-topic, I still see a
little bit contradictory that Sling let having different
authentication handlers, but in the other hand, they are all tied to
jcr specification (javax.jcr.Credentials type for instance). I
understand this draft [1] is in line with this point, reallly?.
It is not really off-topic. Point is that this proposal is not targeted
at this end of the line. Yet, I agree, that we have another issue in the
AuthenticationInfo class, which is tied into JCR style login.
I think we will solve this issue when we tackle the
ResourceResolverFactory implementation [2].
Regards
Felix
[2]
http://cwiki.apache.org/SLING/add-resourceresolverfactory-service-interface.html
BR,
Juanjo.
[1]
http://cwiki.apache.org/SLING/add-resourceresolverfactory-service-interface.html
