[
https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12619806#action_12619806
]
Felix Meschberger commented on SLING-599:
-----------------------------------------
Thanks for submitting this patch, which looks good.
Just let me add a comment regarding the ..remote.user and ..authentication.type
attributes: As I read the OSGi Http Service spec, the HttpService
implementation must provide the values of the ..remote.user and
..authentication.type request attributes as the return values of the
getRemoteUser() and getAuthenticationType() calls on the request objects. This
is how the Apache Felix http.jetty and Pax Web Service implementations are
done. In this sense, I would say, that we might want to not add the
getRemoteUser() and getAuthenticationType() methods to the
SlingHttpServletRequestImpl class.
I agree with the rest of the patch.
WDYT ?
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Priority: Minor
> Attachments: SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the
> request, it does so in an non-portable way (from a Servlet API perspective).
> For example, it sets the remote user identifier as a request attribute
> whereas one familiar with the Servlet API would expect to obtain it by
> calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
