Ok, done in trunk of the GET servlets for https://issues.apache.org/jira/browse/SLING-1706
Regards Felix On 30.08.2010 14:49, Clemens Wyss wrote: >> I also >> recently thought about extending this servlet by adding >> another property >> authType which is fed with the value of the >> HttpServletRequest.getAuthType() method. > you would extend SessionInfoProvider? > +1, authType is session related and, as you mentioned, > more stable than '"anonymous" != Sling.getSessionInfo.userID' > Also, I could use it right now in the jQuery JCR Explorer ;-) > >> -----Original Message----- >> From: Felix Meschberger [mailto:[email protected]] >> Sent: Monday, August 30, 2010 2:29 PM >> To: [email protected] >> Subject: Re: Howto determine whether the user is >> authenticated/logged in >> >> >> Hi, >> >> On 30.08.2010 14:05, Clemens Wyss - MySign AG wrote: >>> what is the appropriate way to determine whether a user is >> authenticated/logged in? Anything more explicit than >>> !request.resourceResolver.getUserID().equals("anonymous") >>> ? >> >> On the server side, the correct thing is to check the value of the >> HttpServletRequest.getAuthType() method. If this method returns null, >> the request is not authenticated. >> >> Checking for the "anonymous" user id is not stable for two reasons: A >> user may have authenticated as the "anonymous" user or the >> user used for >> unauthenticated request is not necessairily called "anonymous". >> >>> >>> How about on the client side (javascript)? Anything else than >>> "anonymous" != Sling.getSessionInfo.userID >>> ? >> >> The client currently is a problem, because the Sling session >> information >> servlet is incomplete and does not have this information. I also >> recently thought about extending this servlet by adding >> another property >> authType which is fed with the value of the >> HttpServletRequest.getAuthType() method. >> >> WDYT ? >> >> Regards >> Felix >>
