[
https://issues.apache.org/jira/browse/SLING-1593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Müller updated SLING-1593:
-------------------------------
Attachment: sling-1593c.patch
Okay, that sounds good to me. In this case we don't need to change
JcrResourceResolverFactoryImpl.
I changed the patch as discussed.
AuthenticationFeedbackHandler#authenticationSucceeded is not called after
successful CredentialsValidator#validate, it is called (as before) after
successful getting the ResourceResolver from the ResourceResolverFactory. I
think that's correct because ResourceResolverFactory can throw a LoginException
as well.
AuthenticationFeedbackHandler#authenticationFailed is called after
CredentialsValidator#validate if a LoginException is thrown.
Can you have another look at the patch before I commit?
> Decouple authentication mechanism from JCR
> ------------------------------------------
>
> Key: SLING-1593
> URL: https://issues.apache.org/jira/browse/SLING-1593
> Project: Sling
> Issue Type: Improvement
> Components: API, Commons, JCR
> Reporter: Mike Müller
> Assignee: Mike Müller
> Fix For: Commons Auth 1.0.0
>
> Attachments: sling-1593.patch, sling-1593b.patch, sling-1593c.patch
>
>
> Felix made a good proposal how to decouple the authentication mechanism from
> JCR at [1] after the discussion at [2]. The remaining issue there was how to
> ensure JCR sessions which are placed into AuthenticationInfo be closed. To
> solve that issue we now can use the new SlingRequestListener [3].
> [1] https://cwiki.apache.org/SLING/user-authentication.html
> [2] http://markmail.org/message/aovh7lll4w6uwepv
> [3] https://issues.apache.org/jira/browse/SLING-1576
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
