[
https://issues.apache.org/jira/browse/SLING-966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12796679#action_12796679
]
Mike Müller commented on SLING-966:
-----------------------------------
Maybe decoupling is not a bad idea, especially if there's a good chance that we
extend the new interface in the future and have to support the legacy auth
stuff for a longer time.
+1 for completely decoupling the old from the new API
In your patch you have deleted the old AuthenticationHandler2. Actually it is
not that old and was implemented in Rev. 825501 (see SLING-1155). Maybe we
should close SLING-1155 as Duplicate or Won't fix.
WDYT?
> Make internal sling authentication publicly available
> -----------------------------------------------------
>
> Key: SLING-966
> URL: https://issues.apache.org/jira/browse/SLING-966
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Felix Meschberger
> Attachments: SLING-966.patch, SLING-966b.patch
>
>
> Currently the SlingAuthenticator is an internal class in the Engine bundle,
> which is used by the SlingMainServlet to handle the authentication as part of
> an OSGi HTTP Service specification HttpContext object.
> To use the Sling authentication framework with the Authenticator and the
> AuthenticationHandlers outside of the SlingMainServlet, that is for other
> servlets directly registered with the OSGi HttpService the authentication
> functionality should be made publicly available.
> One approach would be to provide a new authenticate() method in the
> Authenticator interface. Another option would be to provide an abstract
> HttpContext which already implements the HttpContext.handleSecurity method
> using the SlingAuthenticator instance.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
