sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vidar Ramdal <>
Subject Re: Sling Authentication
Date Thu, 09 Jun 2011 09:45:59 GMT
2011/6/9 David G. <>:
> I am writing a custom Sling Authentication Handler and am having
> trouble understanding where the actual "authentication" to sling takes
> place.
> Currently my Authentication Handler validates credentials against a
> third party system, creates a user in JCR as necessary, gets an
> AuthenticationInfo object based on that user ,and returns that
> AuthenticationInfo object.
> I was under the impression that returning  a non-null
> AuthenticationInfo object was enough for sling to authenticate the
> user, however this does not appear to be the case (unless I my
> Authentication Info obj isnt properly formed i suppose).
> Should all I have to do is return an AuthenticationInfo obj from
> extractCredentials in my Custom Authenication Handler to authenticate
> the user to Sling? Or is there something else I have to do?
> If not, is there anything special in how the AuthenticationInfo is created?

There is basically no such thing as "authentication to Sling" - the
authentication is done to the underlying JCR. I'm not sure what you
mean with "actual authentication", but in JCR terms it is the
LoginModule who do that work.
Also, make sure your AuthenticationHandler is actually called.

Vidar S. Ramdal <>
Webstep AS -
Bes√łksadresse: Lilleakerveien 8, 0283 Oslo
Postadresse: Postboks 66, 1324 Lysaker

View raw message