Hi, I think I have found what I was looking for as an introduction in Jackrabbit [1].
[1] http://wiki.apache.org/jackrabbit/AccessControl So from a Sling perspective, I have to login to the JCR using, e.g. org.apache.sling.jcr.api.SlingRepository.login() somewhere in my code with the right user credentials. But Sling also provides JAAS functionality at the /j_security_check endpoint, right? 2013/3/21 Fabian Christ <[email protected]>: > Hi, > > I was playing with the slingbucks example [1]. I noticed that it > required authentication in order to accept POST request to create new > orders. After logging in via admin:admin at the Sling main page, the > slingbucks order process worked. > > My assumption is that the underlying JCR requires authentication > before it allows any write operations, right? > > I started to look for documentation on authentication and user > management. I see that there is a user management RESTful API [1] but > can not find more details about it. > > The documentation in [2] is on a low technical level but I am missing > some overview how users should be managed for a webapp. Any hints are > welcome. > > [1] > https://cwiki.apache.org/confluence/display/SLING/FAQ#FAQ-HowdoIchangeJackrabbit%27sadminpassword%3F > [2] http://sling.apache.org/site/authentication.html > > -- > Fabian > http://twitter.com/fctwitt -- Fabian http://twitter.com/fctwitt
