Hi, Am 09.11.2011 um 17:53 schrieb Justin Edelson:
> > I'm not in favor of abandoning the DavEx->Sling Auth integration this > for two reasons: 1) as Carsten noted in one of his JIRA comments, > there are browser-based DavEx applications which depend upon Sling > Authentication to work seamlessly and 2) we lose out on the use of the > AuthenticationInfoPostProcessor infrastructure. Agreed. Which I come to the same conclusion (not abandoning Sling's nice stuff) > > In addition, I suspect that while the requirements of the DavEx > servlet with respect to Sling Authentication are not entirely unique > and that *if* there are changes required in Sling Authentication to > support the DavEx servlet will benefit other use cases. Well, there is a unique "feature" which is called "missing-auth-mapping". I am not entirely sure, that I want to add support for such functionality. Because in essence, this would just replace one "anonymous" user with another one (with maybe the added functionality of being able to disable that user...). > > I'm convinced the problems are entirely solvable and I'm not ready to > throw in the towel quite yet. I may change my mind :) Do we have something else (other than the missing-auth-mapping stuff) ? Regards Felix > > That said, as a short term solution to the issue Markus is having, I'm > perfectly fine with rollback SLING-2167, reapply the change described > in SLING-2256, and releasing DavEx 1.1.0. > > Justin > >> >> The price to pay is, that authentication for this does not go through Sling >> and does not benefit from Sling's central configuration and setup. >> >> Regards >> Felix >> >>> >>> Regards, >>> Markus >>> >>> >>> >>> >>>> >>>> Regards >>>> Felix >>>> >>>>> >>>>> Thanks, >>>>> Markus >>>> >>>> >> >>
