[ https://issues.apache.org/jira/browse/SLING-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13590525#comment-13590525 ]

angela commented on SLING-2762:
-------------------------------

Apart from violating the spec, this is also pretty awkward, as the 'anonymous' in Sling represents the unauthenticated user.
Login as such with other credentials than javax.jcr.GuestCredentials doesn't make sense IMHO.

It's actually an oddity (or bug) in Jackrabbit core that it was (actually is) possible to log in with SimpleCredentials built for the anonymous user that has not been fixed in order not to break backwards compatibility.

As of Oak, that special handling for the anonymous user will not be supported any more and the built-in anonymous user will not have a password property any more... so login(new SimpleCredentials("anonymous", "")) will no longer work.
Instead, login(new GuestCredentials()) will succeed if a valid anonymous user exists.

Similarly, login(null) will no longer be converted into an anonymous login by default. To ease migration and provide a backwards compatible setup, there exists a separate LoginModule implementation that will populate the shared state with GuestCredentials in case of null login.

hope that helps
                
> AbstractSlingRepository#login violates JCR spec
> -----------------------------------------------
>
>                 Key: SLING-2762
>                 URL: https://issues.apache.org/jira/browse/SLING-2762
>             Project: Sling
>          Issue Type: Bug
>          Components: JCR
>            Reporter: Antonio Sanso
>
> AbstractSlingRepository#login seems to violate the javax.jcr.Repository spec.
> The API [0] says
> " If credentials is null, it is assumed that authentication is handled by a 
> mechanism external to the repository itself (for example, through the JAAS 
> framework) and that the repository implementation exists within a context 
> (for example, an application server) that allows it to handle authorization 
> of the request for access to the specified workspace."
> while the implementation looks like
> {code}
> ...
> if (credentials == null) {
>     credentials = getAnonCredentials(this.anonUser);
> }
> ...
> {code}
> [0] 
> http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29
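
The migration described in the comment above, sketched as an added example that is not part of the original message and is not Sling, Jackrabbit or Oak code: callers request guest access explicitly with `GuestCredentials`, legacy "anonymous" `SimpleCredentials` are mapped to it, and a null login is never silently turned into an anonymous session. The class `GuestLogin`, its method names, the user ID `anonymous` and the choice to reject null are assumptions of this example.

```java
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

/** Hypothetical application-side helper; names are assumptions of this example. */
public final class GuestLogin {

    // Assumed ID of the built-in anonymous user; a deployment may configure another.
    private static final String ANONYMOUS_ID = "anonymous";

    private GuestLogin() {}

    /**
     * Maps the legacy SimpleCredentials("anonymous", empty password) form to
     * GuestCredentials. All other credentials are returned unchanged.
     */
    static Credentials normalize(Credentials creds) {
        if (creds instanceof SimpleCredentials) {
            SimpleCredentials sc = (SimpleCredentials) creds;
            if (ANONYMOUS_ID.equals(sc.getUserID()) && sc.getPassword().length == 0) {
                return new GuestCredentials();
            }
        }
        return creds;
    }

    /** Explicit guest login; succeeds only if the repository has a valid anonymous user. */
    static Session loginAsGuest(Repository repo, String workspace) throws RepositoryException {
        return repo.login(new GuestCredentials(), workspace);
    }

    /**
     * Login that refuses null instead of converting it into an anonymous login.
     * Policy choice of this example: per the JCR API, null credentials mean
     * authentication is handled externally, so code that wants guest access
     * has to say so via loginAsGuest().
     */
    static Session login(Repository repo, Credentials creds, String workspace)
            throws RepositoryException {
        if (creds == null) {
            throw new LoginException("null credentials: use loginAsGuest() for guest access");
        }
        return repo.login(normalize(creds), workspace);
    }
}
```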
