Hello Joshua, You can authenticate the JCR session by adding the parameter "sling:authRequestLogin" (details in [1]) to a request. So, for instance, you can access your content with the URL
http://localhost:8888/content/mynode.html?sling:authRequestLogin and the user will be prompted by credentials, which will be used to login to the JCR session. Then you can use the access control features of JCR (Section 6.9 of the specification) to prevent unauthorized access to your resource without proper authentication. Kind regards, Douglas [1] https://svn.apache.org/repos/asf/incubator/sling/trunk/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java On Mon, Feb 9, 2009 at 21:36, Joshua Oransky <cazza...@gmail.com> wrote: > Hello, > > I am logging in users via the Repository.login method which returns > me a JCR session. How do I bind this new authorized session so that if I > call currentNode.getSession() it returns me the authorized one and not the > anonymous one from before? > > Or do I have to store the JCR session in an HTTP session? > > Thanks - Josh > -- Douglas Jose http://douglasjose.com - "Use free software. Help us make a free world."
