incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Angela Schreiber (Confluence)" <conflue...@apache.org>
Subject [CONF] Apache Sling > Solving the Authentication Handler Credential Validation Problem
Date Fri, 27 Sep 2013 12:26:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/en/2176/1/1/_/styles/combined.css?spaceKey=SLING&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem?focusedCommentId=34025086#comment-34025086">Solving
the Authentication Handler Credential Validation Problem</a></h2>
    <h4>Comment edited by             <a href="https://cwiki.apache.org/confluence/display/~angela">Angela
Schreiber</a>
     :</h4>
    <br/>
                        <h4>Changes (2)</h4>
                                
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >than the GuestCredentials. in particular
the anonymous user should not have a password: <br> <br></td></tr>
            <tr><td class="diff-changed-lines" ><span class="diff-changed-words">get<span
class="diff-added-chars"style="background-color: #dfd;">Repository().login(get</span>AnonCredentials(this.anonUser)<span
class="diff-added-chars"style="background-color: #dfd;">)</span></span> <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">
<br>instead i would write this as <br> <br>getRepository().login(new GuestCredentials())
<br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                          <div class="notificationGreySide">
            <p>sounds very promising. this would allow us finally make full usage of
the pre-auth setup in jackrabbit across the whole stack.</p>

<p>one one thing that is not correct IMO: the specification defines that an anonymous
session should be obtained by using<br/>
the "GuestCredentials" that have been introduced by JSR 283.</p>

<p>the following code therefore seems wrong to me and i don't think that the anonymous
user should have other credentials<br/>
than the GuestCredentials. in particular the anonymous user should not have a password:</p>

<p>getRepository().login(getAnonCredentials(this.anonUser))</p>

<p>instead i would write this as</p>

<p>getRepository().login(new GuestCredentials())</p>
        </div>
    
    <div id="commentsSection" class="wiki-content pageSection">
       <div style="float: right;" class="grey">
                        <a href="https://cwiki.apache.org/confluence/users/removespacenotification.action?spaceKey=SLING">Stop
watching space</a>
            <span style="padding: 0px 5px;">|</span>
                <a href="https://cwiki.apache.org/confluence/users/editmyemailsettings.action">Change
email notification preferences</a>
</div>
       <a href="https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem?focusedCommentId=34025086#comment-34025086">View
Online</a>
              |
       <a id="reply-34025086" href="https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem?replyToComment=34025086#comment-34025086">Reply
To This</a>
           </div>

</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message