hi felix that makes sense. in general i would suggest to consistently use GuestCredentials and get rid of the jr-core-null workaround that in fact relies on an comfortable but somewhat incorrect implementation detail...
hope that helps angela On 3/1/13 11:29 AM, Felix Meschberger wrote:
Hi Yes, we assume this under the "backwards compatibility" umbrella. IIRC Jackrabbit supported the null-argument in this way, too. So we just made it explicit. What we might want to change, though, is to use JCR 2 GuestCredentials instead of doing our own anonmous login stuff and thus get rid of the PluggableLoginModule for anonnyous access. we could also improve a bit by checking for an access control context:if (credentials == null) { if (hasAccessControlContext()&& hasSubject()) { // assume "external" authentication } else { // assume backwards compatibility anon login credentials = new GuestCredentials(); } }WDYT ? Regards Felix Am 01.03.2013 um 10:43 schrieb Antonio Sanso (JIRA):Antonio Sanso created SLING-2762: ------------------------------------ Summary: AbstractSlingRepository#login violates JCR spec Key: SLING-2762 URL: https://issues.apache.org/jira/browse/SLING-2762 Project: Sling Issue Type: Bug Components: JCR Reporter: Antonio Sanso AbstractSlingRepository#login seems to violate the javax.jcr.Repository spec. The API [0] says " If credentials is null, it is assumed that authentication is handled by a mechanism external to the repository itself (for example, through the JAAS framework) and that the repository implementation exists within a context (for example, an application server) that allows it to handle authorization of the request for access to the specified workspace." while the implementation looks like {code} ... if (credentials == null) { credentials = getAnonCredentials(this.anonUser); } ... {code} [0] http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira-- Felix Meschberger | Principal Scientist | Adobe
