Hi,

On 01.03.2013 at 17:29, Angela Schreiber wrote:
> hi felix
>
> that makes sense. in general i would suggest to consistently use
> GuestCredentials and get rid of the jr-core-null workaround that
> in fact relies on a comfortable but somewhat incorrect
> implementation detail...

Not having GuestCredentials, our use of the "anonymous credentials" was in fact done to prevent using the jr-core-null "side effect". But GuestCredentials is better for sure.

>
> hope that helps

Sure does ;-)

Regards
Felix

> angela
>
> On 3/1/13 11:29 AM, Felix Meschberger wrote:
>> Hi
>>
>> Yes, we assume this under the "backwards compatibility" umbrella. IIRC
>> Jackrabbit supported the null-argument in this way, too. So we just made it
>> explicit.
>>
>> What we might want to change, though, is to use JCR 2 GuestCredentials
>> instead of doing our own anonymous login stuff and thus get rid of the
>> PluggableLoginModule for anonymous access.
>>
>> we could also improve a bit by checking for an access control context:
>>
>>> if (credentials == null) {
>>>     if (hasAccessControlContext() && hasSubject()) {
>>>         // assume "external" authentication
>>>     } else {
>>>         // assume backwards compatibility anon login
>>>         credentials = new GuestCredentials();
>>>     }
>>> }
>>>
>>
>> WDYT ?
>>
>> Regards
>> Felix
>>
>> On 01.03.2013 at 10:43, Antonio Sanso (JIRA) wrote:
>>
>>> Antonio Sanso created SLING-2762:
>>> ------------------------------------
>>>
>>> Summary: AbstractSlingRepository#login violates JCR spec
>>> Key: SLING-2762
>>> URL: https://issues.apache.org/jira/browse/SLING-2762
>>> Project: Sling
>>> Issue Type: Bug
>>> Components: JCR
>>> Reporter: Antonio Sanso
>>>
>>>
>>> AbstractSlingRepository#login seems to violate the javax.jcr.Repository
>>> spec.
>>>
>>> The API [0] says
>>>
>>> " If credentials is null, it is assumed that authentication is handled by a
>>> mechanism external to the repository itself (for example, through the JAAS
>>> framework) and that the repository implementation exists within a context
>>> (for example, an application server) that allows it to handle authorization
>>> of the request for access to the specified workspace."
>>>
>>> while the implementation looks like
>>>
>>> {code}
>>> ...
>>> if (credentials == null) {
>>>     credentials = getAnonCredentials(this.anonUser);
>>> }
>>> ...
>>>
>>> {code}
>>>
>>>
>>> [0]
>>> http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29
>>>
>>> --
>>> This message is automatically generated by JIRA.
>>> If you think it was sent incorrectly, please contact your JIRA
>>> administrators
>>> For more information on JIRA, see: http://www.atlassian.com/software/jira
>>
>>
>> --
>> Felix Meschberger | Principal Scientist | Adobe
>>

--
Felix Meschberger | Principal Scientist | Adobe
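
The null-credentials decision discussed in this thread, written out as an added Java example; it is not code from the Sling code base or from any participant. It assumes the JCR 2.0 API jar on the classpath and the classic JAAS lookup as available on Java 8 to 17; the class and method names are hypothetical.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;

/** Added illustration; class and method names are hypothetical, not Sling code. */
public class NullCredentialsPolicy {

    /** True when the calling thread runs inside Subject.doAs(...), i.e. JAAS has authenticated it. */
    static boolean hasSubject() {
        // AccessController.getContext() never returns null, so the
        // "access control context && subject" test reduces to this lookup.
        // Classic JAAS API (Java 8-17); newer JDKs expose Subject.current() instead.
        return Subject.getSubject(AccessController.getContext()) != null;
    }

    /**
     * Returns the credentials to hand to the underlying repository.
     * A null result means "pass null through": authentication was external.
     */
    static Credentials resolve(Credentials credentials) {
        if (credentials != null) {
            return credentials;          // caller was explicit, never override
        }
        if (hasSubject()) {
            return null;                 // external authentication, as the JCR contract describes
        }
        return new GuestCredentials();   // backwards-compatible anonymous login, made explicit
    }

    static String describe(Credentials c) {
        return c == null ? "null (external)" : c.getClass().getSimpleName();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        Credentials explicit = new SimpleCredentials("alice", "constructed-password".toCharArray());
        System.out.println("explicit credentials -> " + describe(resolve(explicit)));
        System.out.println("null, no Subject     -> " + describe(resolve(null)));

        Subject authenticated = new Subject();   // stands in for a JAAS-authenticated caller
        String inside = Subject.doAs(authenticated,
                (PrivilegedAction<String>) () -> describe(resolve(null)));
        System.out.println("null, inside doAs    -> " + inside);
    }
}
```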