Hi, I see that most of the AuthenticationHandler [1] is deprecated. I think this is the interface to implement when I want to plugin my own authentication logic. What is its replacement?
[1] http://sling.apache.org/apidocs/sling6/org/apache/sling/engine/auth/AuthenticationHandler.html 2013/3/21 Fabian Christ <[email protected]>: > Hi, > > I think I have found what I was looking for as an introduction in > Jackrabbit [1]. > > [1] http://wiki.apache.org/jackrabbit/AccessControl > > So from a Sling perspective, I have to login to the JCR using, e.g. > org.apache.sling.jcr.api.SlingRepository.login() somewhere in my code > with the right user credentials. But Sling also provides JAAS > functionality at the /j_security_check endpoint, right? > > > 2013/3/21 Fabian Christ <[email protected]>: >> Hi, >> >> I was playing with the slingbucks example [1]. I noticed that it >> required authentication in order to accept POST request to create new >> orders. After logging in via admin:admin at the Sling main page, the >> slingbucks order process worked. >> >> My assumption is that the underlying JCR requires authentication >> before it allows any write operations, right? >> >> I started to look for documentation on authentication and user >> management. I see that there is a user management RESTful API [1] but >> can not find more details about it. >> >> The documentation in [2] is on a low technical level but I am missing >> some overview how users should be managed for a webapp. Any hints are >> welcome. >> >> [1] >> https://cwiki.apache.org/confluence/display/SLING/FAQ#FAQ-HowdoIchangeJackrabbit%27sadminpassword%3F >> [2] http://sling.apache.org/site/authentication.html >> >> -- >> Fabian >> http://twitter.com/fctwitt > > > > -- > Fabian > http://twitter.com/fctwitt -- Fabian http://twitter.com/fctwitt
