Hi Felix, > I propose to create a new service interface Authenticator, which is > implemented by the existing SlingAuthenticator class (both in the > o.a.sling.engine bundle). This interface has a requestAuthentication > method, which may be used to initiate authentication from within > servlets or scripts and have the requestAuthentication method of the > appropriate handler be called for the current request. > > In addition, the sling:authRequestLogin parameter supported by the HTTP > Basic authentication handler should actually be handled by the > SlingAuthenticator. This enables any client to initiate authentication > by just specifying this parameter and have the SlingAuthenticator call > the requestAuthentication method of the appropriate handler be called > for the request.
I agree with your propossal and understand and share the reasons. +1 In the other hand, and I hope this is not off-topic, I still see a little bit contradictory that Sling let having different authentication handlers, but in the other hand, they are all tied to jcr specification (javax.jcr.Credentials type for instance). I understand this draft [1] is in line with this point, reallly?. BR, Juanjo. [1] http://cwiki.apache.org/SLING/add-resourceresolverfactory-service-interface.html