Hi Dmitry,
On Tue, 2018-08-14 at 03:59 +0300, Dmitry Telegin wrote:
> Hi,
>
> As per the document [1], to pre-authenticate a user in the Sling
> tier, one needs to do the following:
>
> > 1. verify the identity in the layer on top of the JCR repository
> > (e.g. in a custom Sling Authentication Handler)
> > 2. pass a custom, non-public Credentials implementation to the
> > repository login
>
> The 1st step is clear, I was able to create a custom
> AuthenticationHandler and verify the identity. But how exactly do I
> pass custom Credentials implementation to the repository login?
My reading of the Oak page is that you should do that in step 3.
"create a custom login module that only supports these dedicated
credentials". If you look at the code example on that page, it does
exactly that
sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new
PreAuthenticatedLogin(userId));
sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId,
new char[0]));
sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
And the credential implementation seems to the SimpleCredentials with an empty
password.
Does that work for you?
Robert
