[
https://issues.apache.org/jira/browse/SLING-1593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12898134#action_12898134
]
Felix Meschberger commented on SLING-1593:
------------------------------------------
Now that the Sling Authenticator is using the ResourceResolverFactory to create
a ResourceResolver using the extracted credentials (or AuthenticationInfo) I
would prefer to no apply this patch.
If we want to add more functionality to the validation of credentials, I think
we need a different ResourceResolverFactory implementing this.
Now, currently the ResourceResolverFactory is implemented by the jcr/resource
bundle, which contains both the ResourceResovlerFactory implementation as well
as the JcrResourceProvider. To solve this we should probably separate the
ResourceResolverFactory and ResourceResolver implementations into a separate
bundle and just keep the JcrResourceProvider in the jcr/resource bundle.
As it is described in
https://cwiki.apache.org/SLING/add-resourceresolverfactory-service-interface.html
> Decouple authentication mechanism from JCR
> ------------------------------------------
>
> Key: SLING-1593
> URL: https://issues.apache.org/jira/browse/SLING-1593
> Project: Sling
> Issue Type: Improvement
> Components: API, Commons, JCR
> Reporter: Mike Müller
> Assignee: Mike Müller
> Fix For: Commons Auth 1.0.0
>
> Attachments: sling-1593.patch
>
>
> Felix made a good proposal how to decouple the authentication mechanism from
> JCR at [1] after the discussion at [2]. The remaining issue there was how to
> ensure JCR sessions which are placed into AuthenticationInfo be closed. To
> solve that issue we now can use the new SlingRequestListener [3].
> [1] https://cwiki.apache.org/SLING/user-authentication.html
> [2] http://markmail.org/message/aovh7lll4w6uwepv
> [3] https://issues.apache.org/jira/browse/SLING-1576
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
