Hi,

Torgeir Veimo wrote:
> 
> On 9 Jan 2009, at 03:00, Rory Douglas wrote:
> 
>> Actually, if you need to, it's simple to access the "security"
>> workspace (if you have the admin credentials):
> 
> 
> [...]
> 
> Having SlingRequest implement getRemoteUser(), getUserPrincipal() and
> isUserInRole() would help a lot.

This is what is supported today:

* getRemoteUser() returns the value of Session.getUserId() if
  the request is authenticated.

* getUserPrincipal() returns a simple Principal instance
  encapsulating the remote user instance.

* isUserInRole() returns the result of calling the
  Authorization.hasRole() method with the role name, if the
  authenticator provided the Authorization object.


There are ways to improve this:

 * getUserPrincipal could try to call
       JackrabbitSession.getPrincipalManager().getPrincipal()
   for the remote user (and fall back to the simple Principal
   if not possible)

 * isUserInRole is currently not really available since the
   SlingAuthenticator does not provide Authorization object. By
   implementing the OSGi User Admin Specification, we could modify
   the SlingAuthenticator to use the User Admin service and therefore
   provide the Authorization object.


User Admin Implementation: I could imagine that we would implement the
OSGi Compendium User Admin Specification using the repository to do the
actual authentication. Also Role and Group assignment could be done
through the repository. This would allow us to implement the Sling
Authenticator based on OSGi User Admin and thus provide the
Authorization object in the request context. It would also allow the
Apache Felix project to extend the Web Console to use the User Admin
service to control access to the console.

WDYT ?

Regards
Felix
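
The three request methods and the two proposed improvements above, sketched as a
request wrapper. This is an added illustration, not code from Sling or from the
thread's author: the wrapper, its constructor arguments (the JCR Session opened by
the authenticator and an optional OSGi User Admin Authorization) and the
SimplePrincipal fallback class are assumptions made for the example. The public
APIs it calls (HttpServletRequestWrapper, Session.getUserID(),
JackrabbitSession.getPrincipalManager().getPrincipal(), Authorization.hasRole())
are the real ones.

```java
import java.security.Principal;

import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.apache.jackrabbit.api.JackrabbitSession;
import org.osgi.service.useradmin.Authorization;

/**
 * Hypothetical request wrapper (not Sling's own code). It is handed the JCR
 * Session the authenticator opened for the request and, if the authenticator
 * produced one, an OSGi User Admin Authorization object. Both are assumptions
 * made for this example; today's SlingAuthenticator passes no Authorization.
 */
public class AuthenticatedRequest extends HttpServletRequestWrapper {

    private final Session session;             // null for an unauthenticated request
    private final Authorization authorization; // null when the authenticator gave none

    public AuthenticatedRequest(HttpServletRequest request, Session session,
            Authorization authorization) {
        super(request);
        this.session = session;
        this.authorization = authorization;
    }

    /** Current behaviour: the user ID of the authenticated JCR session. */
    @Override
    public String getRemoteUser() {
        return session == null ? null : session.getUserID();
    }

    /**
     * Proposed improvement: ask Jackrabbit's PrincipalManager for the real
     * Principal of the remote user and fall back to a simple name-only
     * Principal when the session is not a JackrabbitSession, the lookup is
     * not permitted, or the repository knows no such principal.
     */
    @Override
    public Principal getUserPrincipal() {
        String userId = getRemoteUser();
        if (userId == null) {
            return null;
        }
        if (session instanceof JackrabbitSession) {
            try {
                Principal p = ((JackrabbitSession) session)
                        .getPrincipalManager().getPrincipal(userId);
                if (p != null) {
                    return p;
                }
            } catch (RepositoryException e) {
                // getPrincipalManager() may be denied or unsupported:
                // fall through to the simple Principal
            }
        }
        return new SimplePrincipal(userId);
    }

    /**
     * Delegates to Authorization.hasRole(). Without an Authorization object
     * (the situation described in the message) this fails closed and returns
     * false instead of throwing, so "no role information" is never mistaken
     * for "role granted" by a caller that guards access with this method.
     */
    @Override
    public boolean isUserInRole(String role) {
        return authorization != null && authorization.hasRole(role);
    }

    /** Minimal Principal used when the repository cannot supply one. */
    static final class SimplePrincipal implements Principal {
        private final String name;

        SimplePrincipal(String name) {
            this.name = name;
        }

        @Override
        public String getName() {
            return name;
        }
    }
}
```

An Authorization for the constructor would come from
UserAdmin.getAuthorization(User) once a repository-backed User Admin service
exists, which is the third item above; until then the wrapper behaves exactly
as the message describes, with isUserInRole always false.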
