You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by Felix Meschberger <fm...@adobe.com> on 2011/11/09 22:02:25 UTC

Re: Anonymous user

Hi

Moving to dev@... (bcc only to users@)

Am 09.11.2011 um 18:24 schrieb Felix Meschberger:

>> 
>> In addition, I suspect that while the requirements of the DavEx
>> servlet with respect to Sling Authentication are not entirely unique
>> and that *if* there are changes required in Sling Authentication to
>> support the DavEx servlet will benefit other use cases.
> 
> Well, there is a unique "feature" which is called "missing-auth-mapping". I am not entirely sure, that I want to add support for such functionality. Because in essence, this would just replace one "anonymous" user with another one (with maybe the added functionality of being able to disable that user...).

On second thought ....

The location to implement this would probably be the JcrResourceResolverFactory implementing the getResourceResolver method. This could then do analogous to the missing-auth-mapping.

Still not sure, whether we would want to go there ...

Regards
Felix

Re: Anonymous user

Posted by Felix Meschberger <fm...@adobe.com>.

Hi,

I created SLING-2276 [1] and attached a potential but yet untested patch....

Regards
Felix

[1] https://issues.apache.org/jira/browse/SLING-2276

Am 10.11.2011 um 00:20 schrieb Justin Edelson:

> On Wed, Nov 9, 2011 at 3:03 PM, Felix Meschberger <fm...@adobe.com> wrote:
>> Hi,
>> 
>> Am 09.11.2011 um 22:28 schrieb Justin Edelson:
>> 
>>> On Wed, Nov 9, 2011 at 1:02 PM, Felix Meschberger <fm...@adobe.com> wrote:
>>>> Hi
>>>> 
>>>> Moving to dev@... (bcc only to users@)
>>>> 
>>>> Am 09.11.2011 um 18:24 schrieb Felix Meschberger:
>>>> 
>>>>>> 
>>>>>> In addition, I suspect that while the requirements of the DavEx
>>>>>> servlet with respect to Sling Authentication are not entirely unique
>>>>>> and that *if* there are changes required in Sling Authentication to
>>>>>> support the DavEx servlet will benefit other use cases.
>>>>> 
>>>>> Well, there is a unique "feature" which is called "missing-auth-mapping". I am not entirely sure, that I want to add support for such functionality. Because in essence, this would just replace one "anonymous" user with another one (with maybe the added functionality of being able to disable that user...).
>>>> 
>>>> On second thought ....
>>>> 
>>>> The location to implement this would probably be the JcrResourceResolverFactory implementing the getResourceResolver method. This could then do analogous to the missing-auth-mapping.
>>>> 
>>>> Still not sure, whether we would want to go there ...
>>> 
>>> I was thinking it belonged in SlingAuthenticator's
>>> getAnonymousResolver() method.
>>> 
>>> Could be something as simple as:
>>> if (request.getAttribute("anonymous.userid") {
>>>   ResourceResolver resolver =
>>> resourceResolverFactory.getResourceResolver(Collections.singletonMap(ResourceResolverFactory.USER_IMPERSONATION,
>>> request.getAttribute("anonymous.userid"));
>>> } else {
>>>   ResourceResolver resolver =
>>> resourceResolverFactory.getResourceResolver(null);
>>> }
>> 
>> The drawback of this solution would be to not be able to easily leverage JCR 2 GuestCredentials.... Do we need that ?
> 
> IIUC, in the case Markus is describing (which is where you would set
> the anonymous.userid attribute), GuestCredentials wouldn't work.
> 
> In essence, if wanted to put a non-blank, non-null value in
> missing-auth-mapping, that's the same value which would go into this
> anonymous.userid (which maybe would be better named
> missing.auth.userid) attribute.
> 
> Justin
> 
>> 
>> Regards
>> Felix
>> 
>> 
>>> 
>>> Justin
>>> 
>>>> 
>>>> Regards
>>>> Felix
>> 
>>

Re: Anonymous user

Posted by Justin Edelson <ju...@justinedelson.com>.

On Wed, Nov 9, 2011 at 3:03 PM, Felix Meschberger <fm...@adobe.com> wrote:
> Hi,
>
> Am 09.11.2011 um 22:28 schrieb Justin Edelson:
>
>> On Wed, Nov 9, 2011 at 1:02 PM, Felix Meschberger <fm...@adobe.com> wrote:
>>> Hi
>>>
>>> Moving to dev@... (bcc only to users@)
>>>
>>> Am 09.11.2011 um 18:24 schrieb Felix Meschberger:
>>>
>>>>>
>>>>> In addition, I suspect that while the requirements of the DavEx
>>>>> servlet with respect to Sling Authentication are not entirely unique
>>>>> and that *if* there are changes required in Sling Authentication to
>>>>> support the DavEx servlet will benefit other use cases.
>>>>
>>>> Well, there is a unique "feature" which is called "missing-auth-mapping". I am not entirely sure, that I want to add support for such functionality. Because in essence, this would just replace one "anonymous" user with another one (with maybe the added functionality of being able to disable that user...).
>>>
>>> On second thought ....
>>>
>>> The location to implement this would probably be the JcrResourceResolverFactory implementing the getResourceResolver method. This could then do analogous to the missing-auth-mapping.
>>>
>>> Still not sure, whether we would want to go there ...
>>
>> I was thinking it belonged in SlingAuthenticator's
>> getAnonymousResolver() method.
>>
>> Could be something as simple as:
>> if (request.getAttribute("anonymous.userid") {
>>   ResourceResolver resolver =
>> resourceResolverFactory.getResourceResolver(Collections.singletonMap(ResourceResolverFactory.USER_IMPERSONATION,
>> request.getAttribute("anonymous.userid"));
>> } else {
>>   ResourceResolver resolver =
>> resourceResolverFactory.getResourceResolver(null);
>> }
>
> The drawback of this solution would be to not be able to easily leverage JCR 2 GuestCredentials.... Do we need that ?

IIUC, in the case Markus is describing (which is where you would set
the anonymous.userid attribute), GuestCredentials wouldn't work.

In essence, if wanted to put a non-blank, non-null value in
missing-auth-mapping, that's the same value which would go into this
anonymous.userid (which maybe would be better named
missing.auth.userid) attribute.

Justin

>
> Regards
> Felix
>
>
>>
>> Justin
>>
>>>
>>> Regards
>>> Felix
>
>

Re: Anonymous user

Posted by Felix Meschberger <fm...@adobe.com>.

Hi,

Am 09.11.2011 um 22:28 schrieb Justin Edelson:

> On Wed, Nov 9, 2011 at 1:02 PM, Felix Meschberger <fm...@adobe.com> wrote:
>> Hi
>> 
>> Moving to dev@... (bcc only to users@)
>> 
>> Am 09.11.2011 um 18:24 schrieb Felix Meschberger:
>> 
>>>> 
>>>> In addition, I suspect that while the requirements of the DavEx
>>>> servlet with respect to Sling Authentication are not entirely unique
>>>> and that *if* there are changes required in Sling Authentication to
>>>> support the DavEx servlet will benefit other use cases.
>>> 
>>> Well, there is a unique "feature" which is called "missing-auth-mapping". I am not entirely sure, that I want to add support for such functionality. Because in essence, this would just replace one "anonymous" user with another one (with maybe the added functionality of being able to disable that user...).
>> 
>> On second thought ....
>> 
>> The location to implement this would probably be the JcrResourceResolverFactory implementing the getResourceResolver method. This could then do analogous to the missing-auth-mapping.
>> 
>> Still not sure, whether we would want to go there ...
> 
> I was thinking it belonged in SlingAuthenticator's
> getAnonymousResolver() method.
> 
> Could be something as simple as:
> if (request.getAttribute("anonymous.userid") {
>   ResourceResolver resolver =
> resourceResolverFactory.getResourceResolver(Collections.singletonMap(ResourceResolverFactory.USER_IMPERSONATION,
> request.getAttribute("anonymous.userid"));
> } else {
>   ResourceResolver resolver =
> resourceResolverFactory.getResourceResolver(null);
> }

The drawback of this solution would be to not be able to easily leverage JCR 2 GuestCredentials.... Do we need that ?

Regards
Felix


> 
> Justin
> 
>> 
>> Regards
>> Felix

Re: Anonymous user

Posted by Justin Edelson <ju...@justinedelson.com>.

On Wed, Nov 9, 2011 at 1:02 PM, Felix Meschberger <fm...@adobe.com> wrote:
> Hi
>
> Moving to dev@... (bcc only to users@)
>
> Am 09.11.2011 um 18:24 schrieb Felix Meschberger:
>
>>>
>>> In addition, I suspect that while the requirements of the DavEx
>>> servlet with respect to Sling Authentication are not entirely unique
>>> and that *if* there are changes required in Sling Authentication to
>>> support the DavEx servlet will benefit other use cases.
>>
>> Well, there is a unique "feature" which is called "missing-auth-mapping". I am not entirely sure, that I want to add support for such functionality. Because in essence, this would just replace one "anonymous" user with another one (with maybe the added functionality of being able to disable that user...).
>
> On second thought ....
>
> The location to implement this would probably be the JcrResourceResolverFactory implementing the getResourceResolver method. This could then do analogous to the missing-auth-mapping.
>
> Still not sure, whether we would want to go there ...

I was thinking it belonged in SlingAuthenticator's
getAnonymousResolver() method.

Could be something as simple as:
if (request.getAttribute("anonymous.userid") {
   ResourceResolver resolver =
resourceResolverFactory.getResourceResolver(Collections.singletonMap(ResourceResolverFactory.USER_IMPERSONATION,
request.getAttribute("anonymous.userid"));
} else {
   ResourceResolver resolver =
resourceResolverFactory.getResourceResolver(null);
}

Justin

>
> Regards
> Felix