Re: [jira] [Created] (SLING-2762) AbstractSlingRepository#login violates JCR spec
Hi, Am 01.03.2013 um 17:29 schrieb Angela Schreiber: hi felix that makes sense. in general i would suggest to consistently use GuestCredentials and get rid of the jr-core-null workaround that in fact relies on an comfortable but somewhat incorrect implementation detail... Not having GuestCredentials, our use of the anonymous credentials was in fact done to prevent using the jr-core-null sideeffect. But GuestCredentials is better for sure. hope that helps Sure does ;-) Regards Felix angela On 3/1/13 11:29 AM, Felix Meschberger wrote: Hi Yes, we assume this under the backwards compatibility umbrella. IIRC Jackrabbit supported the null-argument in this way, too. So we just made it explicit. What we might want to change, though, is to use JCR 2 GuestCredentials instead of doing our own anonmous login stuff and thus get rid of the PluggableLoginModule for anonnyous access. we could also improve a bit by checking for an access control context: if (credentials == null) { if (hasAccessControlContext() hasSubject()) { // assume external authentication } else { // assume backwards compatibility anon login credentials = new GuestCredentials(); } } WDYT ? Regards Felix Am 01.03.2013 um 10:43 schrieb Antonio Sanso (JIRA): Antonio Sanso created SLING-2762: Summary: AbstractSlingRepository#login violates JCR spec Key: SLING-2762 URL: https://issues.apache.org/jira/browse/SLING-2762 Project: Sling Issue Type: Bug Components: JCR Reporter: Antonio Sanso AbstractSlingRepository#login seems to violate the javax.jcr.Repository spec. The API [0] says If credentials is null, it is assumed that authentication is handled by a mechanism external to the repository itself (for example, through the JAAS framework) and that the repository implementation exists within a context (for example, an application server) that allows it to handle authorization of the request for access to the specified workspace. while the implementation looks like {code} ... if (credentials == null) { credentials = getAnonCredentials(this.anonUser); } ... {code} [0] http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira -- Felix Meschberger | Principal Scientist | Adobe -- Felix Meschberger | Principal Scientist | Adobe
Re: [jira] [Created] (SLING-2762) AbstractSlingRepository#login violates JCR spec
Hi Yes, we assume this under the backwards compatibility umbrella. IIRC Jackrabbit supported the null-argument in this way, too. So we just made it explicit. What we might want to change, though, is to use JCR 2 GuestCredentials instead of doing our own anonmous login stuff and thus get rid of the PluggableLoginModule for anonnyous access. we could also improve a bit by checking for an access control context: if (credentials == null) { if (hasAccessControlContext() hasSubject()) { // assume external authentication } else { // assume backwards compatibility anon login credentials = new GuestCredentials(); } } WDYT ? Regards Felix Am 01.03.2013 um 10:43 schrieb Antonio Sanso (JIRA): Antonio Sanso created SLING-2762: Summary: AbstractSlingRepository#login violates JCR spec Key: SLING-2762 URL: https://issues.apache.org/jira/browse/SLING-2762 Project: Sling Issue Type: Bug Components: JCR Reporter: Antonio Sanso AbstractSlingRepository#login seems to violate the javax.jcr.Repository spec. The API [0] says If credentials is null, it is assumed that authentication is handled by a mechanism external to the repository itself (for example, through the JAAS framework) and that the repository implementation exists within a context (for example, an application server) that allows it to handle authorization of the request for access to the specified workspace. while the implementation looks like {code} ... if (credentials == null) { credentials = getAnonCredentials(this.anonUser); } ... {code} [0] http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira -- Felix Meschberger | Principal Scientist | Adobe
Re: [jira] [Created] (SLING-2762) AbstractSlingRepository#login violates JCR spec
hi felix that makes sense. in general i would suggest to consistently use GuestCredentials and get rid of the jr-core-null workaround that in fact relies on an comfortable but somewhat incorrect implementation detail... hope that helps angela On 3/1/13 11:29 AM, Felix Meschberger wrote: Hi Yes, we assume this under the backwards compatibility umbrella. IIRC Jackrabbit supported the null-argument in this way, too. So we just made it explicit. What we might want to change, though, is to use JCR 2 GuestCredentials instead of doing our own anonmous login stuff and thus get rid of the PluggableLoginModule for anonnyous access. we could also improve a bit by checking for an access control context: if (credentials == null) { if (hasAccessControlContext() hasSubject()) { // assume external authentication } else { // assume backwards compatibility anon login credentials = new GuestCredentials(); } } WDYT ? Regards Felix Am 01.03.2013 um 10:43 schrieb Antonio Sanso (JIRA): Antonio Sanso created SLING-2762: Summary: AbstractSlingRepository#login violates JCR spec Key: SLING-2762 URL: https://issues.apache.org/jira/browse/SLING-2762 Project: Sling Issue Type: Bug Components: JCR Reporter: Antonio Sanso AbstractSlingRepository#login seems to violate the javax.jcr.Repository spec. The API [0] says If credentials is null, it is assumed that authentication is handled by a mechanism external to the repository itself (for example, through the JAAS framework) and that the repository implementation exists within a context (for example, an application server) that allows it to handle authorization of the request for access to the specified workspace. while the implementation looks like {code} ... if (credentials == null) { credentials = getAnonCredentials(this.anonUser); } ... {code} [0] http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira -- Felix Meschberger | Principal Scientist | Adobe