On Nov 9, 2011, at 9:24 AM, Felix Meschberger <fmesc...@adobe.com> wrote:
> Hi, > > Am 09.11.2011 um 17:53 schrieb Justin Edelson: > >> >> I'm not in favor of abandoning the DavEx->Sling Auth integration this >> for two reasons: 1) as Carsten noted in one of his JIRA comments, >> there are browser-based DavEx applications which depend upon Sling >> Authentication to work seamlessly and 2) we lose out on the use of the >> AuthenticationInfoPostProcessor infrastructure. > > Agreed. Which I come to the same conclusion (not abandoning Sling's nice > stuff) > >> >> In addition, I suspect that while the requirements of the DavEx >> servlet with respect to Sling Authentication are not entirely unique >> and that *if* there are changes required in Sling Authentication to >> support the DavEx servlet will benefit other use cases. > > Well, there is a unique "feature" which is called "missing-auth-mapping". I > am not entirely sure, that I want to add support for such functionality. > Because in essence, this would just replace one "anonymous" user with another > one (with maybe the added functionality of being able to disable that > user...). > >> >> I'm convinced the problems are entirely solvable and I'm not ready to >> throw in the towel quite yet. I may change my mind :) > > Do we have something else (other than the missing-auth-mapping stuff) ? Tests :) > > Regards > Felix > >> >> That said, as a short term solution to the issue Markus is having, I'm >> perfectly fine with rollback SLING-2167, reapply the change described >> in SLING-2256, and releasing DavEx 1.1.0. >> >> Justin >> >>> >>> The price to pay is, that authentication for this does not go through Sling >>> and does not benefit from Sling's central configuration and setup. >>> >>> Regards >>> Felix >>> >>>> >>>> Regards, >>>> Markus >>>> >>>> >>>> >>>> >>>>> >>>>> Regards >>>>> Felix >>>>> >>>>>> >>>>>> Thanks, >>>>>> Markus >>>>> >>>>> >>> >>> >