[CONF] Apache Sling > Solving the Authentication Handler Credential Validation Problem
Alexander Klimetschek (Confluence) Mon, 16 Dec 2013 12:51:55 -0800
Solving the Authentication Handler Credential Validation Problem 
I had some ideas on the list about using SlingRepository.loginService() in preauthenticated auth handlers (plus that "user.identified" username) as a way to do the login. Then by configuring the service user mapping (whitelisted) you can restrict which service/auth handler can do that. Then loginAdministrative() usages can be removed from auth handlers, as well as all other broad trust mechanisms (trusted credentials attribute, null login?, etc.). This might already be covered by this proposal, but I am not 100% sure.