Hi, Audrey Colbrant schrieb: >> What is the goal of your bundle ? > The bundle manage specific post handlers for my application so I extend for > each of them the SlingPostOperation.
Makes perfect sense. > >> Why do you want to do that ? >> Do you want to access an existing repository ? > On the website, I have a login form that I send to one of the previous > handlers when submission button is pressed. Once I reach the handler, I log > in the repository, create a session with specific access, and I can allow or > deny access to some parts of my application. > > Ad example, if my repository is like that: > -- /content/tb_monitoring > ---- hospitals > ---- idents > ---- ... > I want that an admin can access all nodes, but a doctor should not access to > the node idents. So I have defined ACL on nodes and now I need a login system > into the repository. > > I use the following code: > Repository repository = new TransientRepository(); > > Session session = repository.login(new SimpleCredentials(login, > password)); > (same as here http://jackrabbit.apache.org/first-hops.html) > > Why isn't it suitable in my case? > > Which other piece of code should I use instead? Hmm, let me see: * You want your users (non-admins) to be able to login using a login form * You want then process the requests on behalf of the users and failing the requests if they don't have enough access rights Well, I suggest you go a completely different route then. First you don't have to care to get the repository session. Sling can take care of that for you. If you have special login requirements, which are not yet supported by Sling (we standard HTTP BASIC authentication and OpenID authentication support) you might want to implement the org.apache.sling.engine.auth.AuthenticationHandler interface. This allows for providing your own handler to extract credentials from a request. See the httpauth [1] project for a sample implementation. Next in your SlingPostOperation you already have the request connected to the repository and can directly access it: ResourceResolver rr = request.getResourceResolver(); Session s = rr.adaptTo(Session.class); You also don't have to logout, this is taken care of by Sling. HTH Regards Felix [1] https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/httpauth > > >> And most importantly: do not export jackrabbit.core bundles, this is >> most probably not correct. > If I don't export that, it's no more working properly... Do you have any idea > what could be wrong in my pom.xml > > Thanks in advance, > > Audrey > > > _________________________________________________________________ > Vivez Noël avant l'heure avec Hotmail Magic Moment ! > http://www.hotmailmagicmoment.com
