Return-Path: X-Original-To: apmail-jackrabbit-dev-archive@www.apache.org Delivered-To: apmail-jackrabbit-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 571FE61FE for ; Tue, 19 Jul 2011 15:03:22 +0000 (UTC) Received: (qmail 76998 invoked by uid 500); 19 Jul 2011 15:03:22 -0000 Delivered-To: apmail-jackrabbit-dev-archive@jackrabbit.apache.org Received: (qmail 76734 invoked by uid 500); 19 Jul 2011 15:03:21 -0000 Mailing-List: contact dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list dev@jackrabbit.apache.org Received: (qmail 76714 invoked by uid 99); 19 Jul 2011 15:03:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Jul 2011 15:03:20 +0000 X-ASF-Spam-Status: No, hits=-2001.1 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Jul 2011 15:03:19 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 44481446FF for ; Tue, 19 Jul 2011 15:02:59 +0000 (UTC) Date: Tue, 19 Jul 2011 15:02:59 +0000 (UTC) From: "angela (JIRA)" To: dev@jackrabbit.apache.org Message-ID: <244995251.4155.1311087779276.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <1258827397.10238.1310573099956.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Reopened] (JCR-3021) AbstractRepositoryService.createSessionInfo should handle null credentials MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/JCR-3021?page=3Dcom.atlassian.= jira.plugin.system.issuetabpanels:all-tabpanel ] angela reopened JCR-3021: ------------------------- i am not convinced that this change according to the specification which st= ates: > 4.2.2 Guest Credentials=20 > GuestCredentials is used to acquire an anonymous session.=20 and > 4.2.4 External Authentication=20 > By providing a signature of Repository.login that does not require=20 > Credentials, the content repository allows for authorization and authenti= cation=20 > to be handled by JAAS (or another external mechanism) if the implementer = so=20 > chooses.=20 > To use such an external mechanism to create sessions with end-user identi= ty,=20 > invocations of the Repository.login method that do not specify Credential= s=20 > (i.e., either a null Credentials is passed or a signature without the=20 > Credentials parameter is used) should obtain the identity of the already-= =20 > authenticated user through that external mechanism. IMO having null credentials mapped to anonymous login is not correct. we use to have that in jackrabbit-core for backwards compatibility but i would rather add this to the SPI. > AbstractRepositoryService.createSessionInfo should handle null credential= s > -------------------------------------------------------------------------= - > > Key: JCR-3021 > URL: https://issues.apache.org/jira/browse/JCR-3021 > Project: Jackrabbit Content Repository > Issue Type: Improvement > Components: jackrabbit-spi-commons > Affects Versions: 2.3.0 > Reporter: Michael D=C3=BCrig > Assignee: Michael D=C3=BCrig > Fix For: 2.3.0 > > -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira