Hi,

On 01.03.2013 at 17:29, Angela Schreiber wrote:

> hi felix
> 
> that makes sense. in general i would suggest to consistently use
> GuestCredentials and get rid of the jr-core-null workaround that
> in fact relies on a comfortable but somewhat incorrect
> implementation detail...

Not having GuestCredentials, our use of the "anonymous credentials" was in fact
done to prevent using the jr-core-null "side effect". But GuestCredentials is
better for sure.

> 
> hope that helps

Sure does ;-)

Regards
Felix

> angela
> 
> On 3/1/13 11:29 AM, Felix Meschberger wrote:
>> Hi
>> 
>> Yes, we assume this under the "backwards compatibility" umbrella. IIRC 
>> Jackrabbit supported the null-argument in this way, too. So we just made it 
>> explicit.
>> 
>> What we might want to change, though, is to use JCR 2 GuestCredentials
>> instead of doing our own anonymous login stuff and thus get rid of the
>> PluggableLoginModule for anonymous access.
>> 
>> we could also improve a bit by checking for an access control context:
>> 
>>> if (credentials == null) {
>>>    if (hasAccessControlContext() && hasSubject()) {
>>>       // assume "external" authentication
>>>    } else {
>>>       // assume backwards compatibility anon login
>>>       credentials = new GuestCredentials();
>>>    }
>>> }
>>> 
>> 
>> WDYT ?
>> 
>> Regards
>> Felix
>> 
>> On 01.03.2013 at 10:43, Antonio Sanso (JIRA) wrote:
>> 
>>> Antonio Sanso created SLING-2762:
>>> ------------------------------------
>>> 
>>>             Summary: AbstractSlingRepository#login violates JCR spec
>>>                 Key: SLING-2762
>>>                 URL: https://issues.apache.org/jira/browse/SLING-2762
>>>             Project: Sling
>>>          Issue Type: Bug
>>>          Components: JCR
>>>            Reporter: Antonio Sanso
>>> 
>>> 
>>> AbstractSlingRepository#login seems to violate the javax.jcr.Repository 
>>> spec.
>>> 
>>> The API [0] says
>>> 
>>> " If credentials is null, it is assumed that authentication is handled by a 
>>> mechanism external to the repository itself (for example, through the JAAS 
>>> framework) and that the repository implementation exists within a context 
>>> (for example, an application server) that allows it to handle authorization 
>>> of the request for access to the specified workspace."
>>> 
>>> while the implementation looks like
>>> 
>>> {code}
>>> ...
>>> if (credentials == null) {
>>>    credentials = getAnonCredentials(this.anonUser);
>>> }
>>> ...
>>> 
>>> {code}
>>> 
>>> 
>>> [0] 
>>> http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29
>>> 
>> 
>> 
>> --
>> Felix Meschberger | Principal Scientist | Adobe


--
Felix Meschberger | Principal Scientist | Adobe
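
The null-credentials decision discussed in this thread, written out as an added example (not part of the thread and not Sling's code). `NullCredentialsPolicy`, `resolve` and `hasExternalSubject` are hypothetical names; it assumes the JCR 2.0 API jar on the classpath and a Java version in which `Subject.getSubject(AccessControlContext)` is still supported.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;

// Hypothetical helper class, written for illustration only.
public class NullCredentialsPolicy {

    /** True when a JAAS Subject is bound to the caller's access control context. */
    static boolean hasExternalSubject() {
        return Subject.getSubject(AccessController.getContext()) != null;
    }

    /**
     * Decide what to pass to the underlying repository's login().
     * Returns null only when authentication was handled outside the repository.
     */
    static Credentials resolve(Credentials credentials) {
        if (credentials != null) {
            return credentials;          // caller authenticated explicitly
        }
        if (hasExternalSubject()) {
            return null;                 // JCR spec case: external (JAAS) authentication
        }
        return new GuestCredentials();   // backwards-compatible anonymous login, made explicit
    }

    public static void main(String[] args) {
        // No Subject bound: null is mapped to an explicit guest login.
        System.out.println(resolve(null).getClass().getSimpleName());

        // Constructed, empty Subject bound via doAs: null is passed through unchanged.
        Credentials inside = Subject.doAs(new Subject(),
                (PrivilegedAction<Credentials>) () -> resolve(null));
        System.out.println(inside == null ? "external" : "guest");

        // Explicit credentials (constructed sample values) are never replaced.
        Credentials user = new SimpleCredentials("alice", "constructed".toCharArray());
        System.out.println(resolve(user) == user);
    }
}
```

The point of separating the two null cases is that a caller with no credentials and no authenticated Subject gets guest access by an explicit decision, instead of through whatever the repository happens to do with a null argument.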