incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Felix Meschberger (Confluence)" <conflue...@apache.org>
Subject [CONF] Apache Sling > Solving the Authentication Handler Credential Validation Problem
Date Fri, 27 Sep 2013 13:44:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/en/2176/1/1/_/styles/combined.css?spaceKey=SLING&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem?focusedCommentId=34025100#comment-34025100">Solving
the Authentication Handler Credential Validation Problem</a></h2>
        <h4>Page
        <b>comment added</b> by              <a href="https://cwiki.apache.org/confluence/display/~fmeschbe">Felix
Meschberger</a>
    </h4>
    <br/>
    <div class="notificationGreySide">
       <p>Re. GuestCredentials: Agreed, we should probably fix that, too. Updated the
code.</p>
    </div>

                <div style="border-bottom: 1px solid #ddd; padding: 10px 20px 7px 20px;">
        <strong>In reply to a comment by <a href="/confluence/display/~angela"
                          class="url fn confluence-userlink" data-username="angela"
                   >Angela Schreiber</a>:</strong><br/>
        <p>sounds very promising. this would allow us finally make full usage of the
pre-auth setup in jackrabbit across the whole stack.</p>

<p>one one thing that is not correct IMO: the specification defines that an anonymous
session should be obtained by using<br/>
the "GuestCredentials" that have been introduced by JSR 283.</p>

<p>the following code therefore seems wrong to me and i don't think that the anonymous
user should have other credentials<br/>
than the GuestCredentials. in particular the anonymous user should not have a password:</p>

<p>getRepository().login(getAnonCredentials(this.anonUser))</p>

<p>instead i would write this as</p>

<p>getRepository().login(new GuestCredentials())</p>
        </div>
    
    <div id="commentsSection" class="wiki-content pageSection">
      <div style="float: right;" class="grey">
                        <a href="https://cwiki.apache.org/confluence/users/removespacenotification.action?spaceKey=SLING">Stop
watching space</a>
            <span style="padding: 0px 5px;">|</span>
                <a href="https://cwiki.apache.org/confluence/users/editmyemailsettings.action">Change
email notification preferences</a>
</div>
       <a href="https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem?focusedCommentId=34025100#comment-34025100">View
Online</a>
              |
       <a id="reply-34025100" href="https://cwiki.apache.org/confluence/display/SLING/Solving+the+Authentication+Handler+Credential+Validation+Problem?replyToComment=34025100#comment-34025100">Reply
To This</a>
           </div>

</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message