[ https://issues.apache.org/jira/browse/SLING-608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12622108#action_12622108 ]
Felix Meschberger commented on SLING-608: ----------------------------------------- @Marvin: You are right. We don't have much with respect to version support yet in our samples (and test cases). Michael's notes application is currently pending inclusing in Sling as a sample. Regarding authentication: AFAIK Jackrabbit comes with no built-in user management out of the box (though there is an LDAP authentication handler and also support for JAAS IIRC). So we took the simple way in Sling to just include Jackrabbit out of the box with a default configuration. There should probably be better documenting on how to change this behaviour to use real user management. Sling itself has an authentication strategy in that it has an authenticator which calls into AuthenticationHandlers to extract the user details from the request (support for HTTP BASIC authentication comes with Sling) and which then logs into the repository. All in all, the authentication strategy is to use the repository for authentication - provided the repository does something real here. @Rory Using the web server platform for user authentication would probably be the cause for a Sling AuthenticationHandler implementation. In this case the repository would have to be set up for JAAS authentication to be able to pick up the Credentials prepared by Sling's JAAS AuthenticationHandler. > Provide Authentication Control > ------------------------------ > > Key: SLING-608 > URL: https://issues.apache.org/jira/browse/SLING-608 > Project: Sling > Issue Type: Improvement > Components: Documentation, JCR, Launchpad > Affects Versions: Launchpad Webapp 3 > Reporter: Marvin Phelps > > Sling sits atop a content repository - so there should be better examples of > how to post versions and list versions. (mix:versionable). I managed to find > out how to do this using the Day notes application. Secondly, it's now > apparent to me that the LaunchPad webapp is using Jackrabbit's > SimpleLoginModule and by default it allows access for every user: even > http://doodoo:[EMAIL PROTECTED]:8888/ Sling needs to have some authentication > strategy built-in. With this stuff provided in Launchpad, Sling would be more > usable out of the box. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.