I like the proposal :) I've a few comments. I think we don't need constants for workspace or session for the login stuff. At least the workspace should/could be a configuration of the jcr resource resolver factory.
The other thing is that I'm a little bit unsure how login really should work. I think we should not login into all providers upfront. Let's say if a provider is responsible for /a but this path is never accessed by the user, it doesn't matter if the user is able to login into this provider or not. So we need some kind of lazy login I guess (but this might make exception handling or the case if a login fails more complicated) I could also imagine some kind of sso - so this might be a little bit misleading term here. There is a master provider, let's say jcr. This one might be able to add login credentials used by the other providers to login. Perhaps we could add some plugin mechanism here to add credentials based on a successful login into one provider? I haven't thought this through yet, these are just my first unsorted comments :) Carsten -- Carsten Ziegeler [EMAIL PROTECTED]
