You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Ian Boston (JIRA)" <ji...@apache.org> on 2010/07/09 11:09:50 UTC
[jira] Commented: (SLING-1593) Decouple authentication mechanism
from JCR
[ https://issues.apache.org/jira/browse/SLING-1593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12886658#action_12886658 ]
Ian Boston commented on SLING-1593:
-----------------------------------
IIUC this removes the need to add a LoginModulePlugin with each new form of external authentication since the authentication is provided by the Credentials.validate interface.
Although this wil work, I am not certain how it will impact other areas which have some fundamental bindings.
1. If you want to talk about the user in any ACL's the principal must be resolvable from userID <=> Principal since thats the way the AccessContronProvider works both during resolution and when modifying an ACE.
2. If the user is going to take part in any Group membership, then they have to be a JCR User managed by the Jackrabbit UserManager since membership is defined as jcr references and bound to UserImpl and GroupImpl.
So even if we do remove the AuthN to JCR Binding for Slng, if JCR in the form of Jackrabbit is present the binding is still there if the user is going to do anything related to AuthZ.
Having said that, the change looks like a step in the right direction.
> Decouple authentication mechanism from JCR
> ------------------------------------------
>
> Key: SLING-1593
> URL: https://issues.apache.org/jira/browse/SLING-1593
> Project: Sling
> Issue Type: Improvement
> Components: API, Commons
> Reporter: Mike Müller
>
> Felix made a good proposal how to decouple the authentication mechanism from JCR at [1] after the discussion at [2]. The remaining issue there was how to ensure JCR sessions which are placed into AuthenticationInfo be closed. To solve that issue we now can use the new SlingRequestListener [3].
> [1] https://cwiki.apache.org/SLING/user-authentication.html
> [2] http://markmail.org/message/aovh7lll4w6uwepv
> [3] https://issues.apache.org/jira/browse/SLING-1576
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.