Hi, On Tue, Nov 27, 2012 at 5:11 PM, Angela Schreiber <[email protected]> wrote: > IMO that will not work for the case manfred is referring > to as it is operating on the oak-api and not on jcr api.
After thinking about this for some while, I actually wonder whether it would be better for the authentication code to work completely on top of the JCR API, with it's own separate sessions. That would make the authentication code more similar to other standard JAAS components that connect to existing databases, LDAP directories, etc. for authentication information. As an extra benefit this would also make it possible to reuse the users and groups stored in the repository for authenticating also access to non-Oak/JCR resources. BR, Jukka Zitting
