You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@sling.apache.org by Dmitry Telegin <mi...@cargosoft.ru> on 2018/08/14 00:59:08 UTC
Pre-authenticated login from Sling to Oak
Hi,
As per the document [1], to pre-authenticate a user in the Sling tier, one needs to do the following:
> 1. verify the identity in the layer on top of the JCR repository (e.g. in a custom Sling Authentication Handler)
> 2. pass a custom, non-public Credentials implementation to the repository login
The 1st step is clear, I was able to create a custom AuthenticationHandler and verify the identity. But how exactly do I pass custom Credentials implementation to the repository login?
AuthenticationHandler should return AuthenticationInfo, which is actually a HashMap<String, Object> with well-defined fields like user and password. I guess I have to put my custom Credentials instance there, but under what key?
Thanks in advance,
Dmitry
[1] http://jackrabbit.apache.org/oak/docs/security/authentication/preauthentication.html
Re: Pre-authenticated login from Sling to Oak
Posted by Robert Munteanu <ro...@apache.org>.
Hi Dmitry,
On Tue, 2018-08-14 at 03:59 +0300, Dmitry Telegin wrote:
> Hi,
>
> As per the document [1], to pre-authenticate a user in the Sling
> tier, one needs to do the following:
>
> > 1. verify the identity in the layer on top of the JCR repository
> > (e.g. in a custom Sling Authentication Handler)
> > 2. pass a custom, non-public Credentials implementation to the
> > repository login
>
> The 1st step is clear, I was able to create a custom
> AuthenticationHandler and verify the identity. But how exactly do I
> pass custom Credentials implementation to the repository login?
My reading of the Oak page is that you should do that in step 3.
"create a custom login module that only supports these dedicated
credentials". If you look at the code example on that page, it does
exactly that
sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(userId));
sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId, new char[0]));
sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
And the credential implementation seems to the SimpleCredentials with an empty password.
Does that work for you?
Robert