Hi all, While looking at the CredentialValidator patch by Mike (SLING-1593 [1]) I came across the Authentication Info post processor infrastructure introduced by Justin (SLING-1444 [2]).
Now, I am bit worried of having two mechanisms with different services basically doing the same thing: Take an AuthenticationInfo object check, add, modify, remove properties (and return the object). Isn't this the same ? Do we really need two mechanism for almost the same ? How about a generic processor for credentials which is called after extracting the credentials from the request but before the credentials are provided to the ResourceResolverFactory. We could enhance this by allowing the processor to reject the credentials thus aborting early. WDYT ? Thanks and Regards Felix [1] https://issues.apache.org/jira/browse/SLING-1593 [2] https://issues.apache.org/jira/browse/SLING-1444
