[
https://issues.apache.org/jira/browse/SLING-1593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12898282#action_12898282
]
Mike Müller commented on SLING-1593:
------------------------------------
I'm not very happy that the validation of credentials should be done in the
ResourceResolverFactory. The ResourceResolverFactory should stick to what it's
name makes us believe it is doing: create a ResourceResolver (Single
Responsibility Principle). Furthermore I can't see any disadvantages in
applying the CredentialsValidator here as long as the interface is in the spi
package and not part of the Sling API.
In this patch there's also the change to the JcrSessionCollector which collects
old JCR sessions (with the help of the SlingRequestListener) to logout them if
needed. I think this is a much cleaner approach than before.
> Decouple authentication mechanism from JCR
> ------------------------------------------
>
> Key: SLING-1593
> URL: https://issues.apache.org/jira/browse/SLING-1593
> Project: Sling
> Issue Type: Improvement
> Components: API, Commons, JCR
> Reporter: Mike Müller
> Assignee: Mike Müller
> Fix For: Commons Auth 1.0.0
>
> Attachments: sling-1593.patch
>
>
> Felix made a good proposal how to decouple the authentication mechanism from
> JCR at [1] after the discussion at [2]. The remaining issue there was how to
> ensure JCR sessions which are placed into AuthenticationInfo be closed. To
> solve that issue we now can use the new SlingRequestListener [3].
> [1] https://cwiki.apache.org/SLING/user-authentication.html
> [2] http://markmail.org/message/aovh7lll4w6uwepv
> [3] https://issues.apache.org/jira/browse/SLING-1576
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
