You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/01/02 16:12:54 UTC

[jira] Updated: (SLING-966) Make internal sling authentication publicly available

     [ https://issues.apache.org/jira/browse/SLING-966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger updated SLING-966:
------------------------------------

    Attachment: SLING-966.patch

Proposed patch to implement this separation, also discussed on the dev list [1]

This patch creats a new commons/auth bundle, which itself exports the service and plugin interfaces and implements the relevant classes.

New in this proposed bundle compared to the old Engine implementation is the following:

  * The o.a.s.commons.auth package exports extended API (compared to former o.a.s.engine.auth)
  * The o.a.s.engine.auth package is provided for backwards compatibility (interfaces marked as decprecated)
  * The SlingAuthenticator class provides the ResourceResolver instead of the Session as a request
       attribute (for now the Session is also provided for backwards compatibility)
  * The SlingAuthenticator class implements the ServletRequestListener interface to be able to cleanup
       the resource resolver after the request has ended (a finalize() method is also implemented as a fallback)

WDYT ?

[1] http://markmail.org/thread/v3geth2icwzz7ppu

> Make internal sling authentication publicly available
> -----------------------------------------------------
>
>                 Key: SLING-966
>                 URL: https://issues.apache.org/jira/browse/SLING-966
>             Project: Sling
>          Issue Type: Improvement
>          Components: Engine
>            Reporter: Felix Meschberger
>         Attachments: SLING-966.patch
>
>
> Currently the SlingAuthenticator is an internal class in the Engine bundle, which is used by the SlingMainServlet to handle the authentication as part of an OSGi HTTP Service specification HttpContext object.
> To use the Sling authentication framework with the Authenticator and the AuthenticationHandlers outside of the SlingMainServlet, that is for other servlets directly registered with the OSGi HttpService the authentication functionality should be made publicly available.
> One approach would be to provide a new authenticate() method in the Authenticator interface. Another option would be to provide an abstract HttpContext which already implements the HttpContext.handleSecurity method using the SlingAuthenticator instance.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.