[
https://issues.apache.org/jira/browse/SLING-966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-966:
------------------------------------
Attachment: SLING-966.patch
Proposed patch to implement this separation, also discussed on the dev list [1]
This patch creats a new commons/auth bundle, which itself exports the service
and plugin interfaces and implements the relevant classes.
New in this proposed bundle compared to the old Engine implementation is the
following:
* The o.a.s.commons.auth package exports extended API (compared to former
o.a.s.engine.auth)
* The o.a.s.engine.auth package is provided for backwards compatibility
(interfaces marked as decprecated)
* The SlingAuthenticator class provides the ResourceResolver instead of the
Session as a request
attribute (for now the Session is also provided for backwards
compatibility)
* The SlingAuthenticator class implements the ServletRequestListener
interface to be able to cleanup
the resource resolver after the request has ended (a finalize() method
is also implemented as a fallback)
WDYT ?
[1] http://markmail.org/thread/v3geth2icwzz7ppu
> Make internal sling authentication publicly available
> -----------------------------------------------------
>
> Key: SLING-966
> URL: https://issues.apache.org/jira/browse/SLING-966
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Felix Meschberger
> Attachments: SLING-966.patch
>
>
> Currently the SlingAuthenticator is an internal class in the Engine bundle,
> which is used by the SlingMainServlet to handle the authentication as part of
> an OSGi HTTP Service specification HttpContext object.
> To use the Sling authentication framework with the Authenticator and the
> AuthenticationHandlers outside of the SlingMainServlet, that is for other
> servlets directly registered with the OSGi HttpService the authentication
> functionality should be made publicly available.
> One approach would be to provide a new authenticate() method in the
> Authenticator interface. Another option would be to provide an abstract
> HttpContext which already implements the HttpContext.handleSecurity method
> using the SlingAuthenticator instance.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
