[ https://issues.apache.org/jira/browse/SLING-966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797022#action_12797022 ]

Felix Meschberger commented on SLING-966:
-----------------------------------------

I have committed a first shot at the new standalone authentication bundle in 
Rev. 896345 at http://svn.apache.org/repos/asf/sling/trunk/bundles/commons/auth

This commit slightly deviates from the original patches:

(1) The client implementable API is placed in a different package to simplify 
API evolution and to decouple versioning issues for API implemented by the 
bundle itself and API intended to be implemented by client bundles.

(2) I added functionality to better control whether a request must be 
authenticated or not. Until now, a single configuration setting was available 
to declare whether requests have to be authenticated or not: the "Allow 
Anonymous Access" configuration property. Now a list of paths may be 
configured. Each entry defines a subtree and declares whether requests in that 
subtree must be authenticated or not.

This change of course requires an update in the documentation at 
http://sling.apache.org/site/authentication.html

> Make internal sling authentication publicly available
> -----------------------------------------------------
>
>                 Key: SLING-966
>                 URL: https://issues.apache.org/jira/browse/SLING-966
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Commons Auth 1.0.0
>
>         Attachments: SLING-966.patch, SLING-966b.patch, SLING-966c.patch
>
>
> Currently the SlingAuthenticator is an internal class in the Engine bundle, 
> which is used by the SlingMainServlet to handle the authentication as part of 
> an OSGi HTTP Service specification HttpContext object.
> To use the Sling authentication framework with the Authenticator and the 
> AuthenticationHandlers outside of the SlingMainServlet, that is for other 
> servlets directly registered with the OSGi HttpService the authentication 
> functionality should be made publicly available.
> One approach would be to provide a new authenticate() method in the 
> Authenticator interface. Another option would be to provide an abstract 
> HttpContext which already implements the HttpContext.handleSecurity method 
> using the SlingAuthenticator instance.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
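
The per-subtree authentication requirement described in point (2) of the comment, as an added example that is not code from the Sling commit. The class and method names are hypothetical, and two behaviours are assumptions the comment does not state: the most specific matching subtree wins, and a path with no matching entry falls back to a configured default.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not Sling code: class and method names are hypothetical.
public class AuthRequirementExample {

    // Subtree root -> true if requests below it must be authenticated.
    private final Map<String, Boolean> entries = new LinkedHashMap<>();
    private final boolean defaultRequired;

    AuthRequirementExample(boolean defaultRequired) {
        this.defaultRequired = defaultRequired;
    }

    void add(String subtree, boolean authRequired) {
        // Normalize "/content/" to "/content"; keep "/" as the root entry.
        String key = subtree.length() > 1 && subtree.endsWith("/")
                ? subtree.substring(0, subtree.length() - 1) : subtree;
        entries.put(key, authRequired);
    }

    // Assumption: the longest (most specific) matching subtree decides.
    boolean isAuthRequired(String requestPath) {
        String best = null;
        for (String root : entries.keySet()) {
            if (covers(root, requestPath) && (best == null || root.length() > best.length())) {
                best = root;
            }
        }
        return best == null ? defaultRequired : entries.get(best);
    }

    // Match on path-segment boundaries so "/public" does not cover "/publicity".
    private static boolean covers(String root, String path) {
        if (root.equals("/")) return path.startsWith("/");
        return path.equals(root) || path.startsWith(root + "/");
    }

    public static void main(String[] args) {
        AuthRequirementExample req = new AuthRequirementExample(true); // fail closed
        req.add("/", true);              // constructed sample entries
        req.add("/public", false);
        req.add("/public/admin", true);
        for (String p : new String[] {"/public/img/logo.png", "/public/admin/users",
                                       "/publicity/draft", "/content/page.html"}) {
            System.out.println(p + " -> " + (req.isAuthRequired(p) ? "authenticate" : "anonymous"));
        }
    }
}
```

The check assumes the request path has already been decoded and normalized; matching a raw path containing "../" or encoded separators against the subtree list would give the wrong answer.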