Vidar,

Hrm - I think I misspoke.

I am trying to figure out the mechanics of Authentication/De-Authentication (Sign-In/Sign-Out) for web apps using Sling. Essentially I want to create two entry points, one that authenticates the user to my web app (sign-in) and one that de-authenticates the user (sign-out).

For sign-in I am using a custom Authentication Handler, which through the extractCredentials method creates/retrieves a JCR user and creates an AuthenticationInfo object for said user - and returns it. I was under the impression this was enough to "authenticate" the user and allow a session cookie to be created, etc. (basically treat the user as logged in).

For some reason, even when I pass back a "valid" AuthenticationInfo object (and by valid, I mean it represents the user) from the AuthenticationHandler's extractCredentials, my user is not recognized as being "signed in" by Sling (ProfileUtil.isAnonymous(slingReqest) == true).

I'm trying to figure out what the mechanics are for having Sling/JCR persist recognition of my user as signed in across the life of their visit to the web site.

Also, I am trying to understand how to create a logout mechanism that operates in a similar fashion.

Thanks

On Thu, Jun 9, 2011 at 2:45 AM, Vidar Ramdal <[email protected]> wrote:
> 2011/6/9 David G. <[email protected]>:
>> I am writing a custom Sling Authentication Handler and am having
>> trouble understanding where the actual "authentication" to Sling takes
>> place.
>>
>> Currently my Authentication Handler validates credentials against a
>> third party system, creates a user in JCR as necessary, gets an
>> AuthenticationInfo object based on that user, and returns that
>> AuthenticationInfo object.
>>
>> I was under the impression that returning a non-null
>> AuthenticationInfo object was enough for Sling to authenticate the
>> user, however this does not appear to be the case (unless my
>> Authentication Info obj isn't properly formed, I suppose).
>>
>> Should all I have to do is return an AuthenticationInfo obj from
>> extractCredentials in my Custom Authentication Handler to authenticate
>> the user to Sling? Or is there something else I have to do?
>> If not, is there anything special in how the AuthenticationInfo is created?
>
> There is basically no such thing as "authentication to Sling" - the
> authentication is done to the underlying JCR. I'm not sure what you
> mean with "actual authentication", but in JCR terms it is the
> LoginModule who does that work.
> Also, make sure your AuthenticationHandler is actually called.
>
>
> --
> Vidar S. Ramdal <[email protected]>
> Webstep AS - http://www.webstep.no
> Visiting address: Lilleakerveien 8, 0283 Oslo
> Postal address: Postboks 66, 1324 Lysaker
