sling-dev mailing list archives

From "David G." <davidjgonza...@gmail.com>
Subject Re: Sling Authentication
Date Thu, 09 Jun 2011 23:26:21 GMT
Vidar,

Hrm - I think I misspoke.

I am trying to figure out the mechanics of
Authentication/De-Authentication (Sign-In/Sign-Out) for web apps using
Sling.

Essentially I want to create two entry points, one that Authenticates
the user to my web app (sign-in) and one that de-authenticates the
user (sign-out).

For sign-in I am using a custom Authentication Handler, which through
the extractCredentials method, creates/retrieves a JCR user and
creates an AuthenticationInfo object for said user - and returns it.

I was under the impression this was enough to "authenticate" the user
and allow a session cookie to be created, etc. (basically treat the
user as logged in).

For some reason, even when I pass back a "valid" AuthenticationInfo
object (and by valid, I mean it represents the user) from the
AuthenticationHandler's extractCredentials my user is not recognized
as being "signed in" by Sling (ProfileUtil.isAnonymous(slingRequest) ==
true).

I'm trying to figure out what the mechanics are for having Sling/JCR
persist recognition of my user as signed in across the life of their
visit to the web site.

Also, I am trying to understand how to create a logout mechanism that
operates in a similar fashion.

Thanks



On Thu, Jun 9, 2011 at 2:45 AM, Vidar Ramdal <vidar.ramdal@webstep.no> wrote:
> 2011/6/9 David G. <davidjgonzalez@gmail.com>:
>> I am writing a custom Sling Authentication Handler and am having
>> trouble understanding where the actual "authentication" to sling takes
>> place.
>>
>> Currently my Authentication Handler validates credentials against a
>> third party system, creates a user in JCR as necessary, gets an
>> AuthenticationInfo object based on that user, and returns that
>> AuthenticationInfo object.
>>
>> I was under the impression that returning a non-null
>> AuthenticationInfo object was enough for Sling to authenticate the
>> user, however this does not appear to be the case (unless my
>> AuthenticationInfo obj isn't properly formed, I suppose).
>>
>> Should all I have to do is return an AuthenticationInfo obj from
>> extractCredentials in my Custom Authentication Handler to authenticate
>> the user to Sling? Or is there something else I have to do?
>> If not, is there anything special in how the AuthenticationInfo is created?
>
> There is basically no such thing as "authentication to Sling" - the
> authentication is done to the underlying JCR. I'm not sure what you
> mean by "actual authentication", but in JCR terms it is the
> LoginModule that does that work.
> Also, make sure your AuthenticationHandler is actually called.
>
>
> --
> Vidar S. Ramdal <vidar.ramdal@webstep.no>
> Webstep AS - http://www.webstep.no
> Besøksadresse: Lilleakerveien 8, 0283 Oslo
> Postadresse: Postboks 66, 1324 Lysaker
>
