Hi Robert The new service authentication you refer to, basically has two components: The service accessing the repository (or resource resolver, which I actually prefer these days) and the deployer/administrator assigning user names to services.
For exmaple consider a bundle com.example.sample. (1) Service bundle > ResourceResolverFactoy rrf = // get the service somehow > ResourceResolver rr = rrf.getServiceResourceResolver(null); That's all. The optional credentials can be used to convey additional information such as a subservice name or a JCR workspace name. Username and passwords are ignored (actually they are even removed before using the credentials map for ResourceProviderFactory access). (2) Administrator The administrator has to configure the ServiceUserMapper service with a mapping such as for example: > com.example.sample = SampleUser And no, the rest of Sling has not been migrated to service authentication yet. Hope this helps. Regards Felix Am 20.10.2013 um 00:40 schrieb Robert A. Decker: > Ok, I've been reading up on: > https://sling.apache.org/documentation/the-sling-engine/service-authentication.html > > and looking at the config for: > org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl > > Things are getting a little clearer, but I still don't see how I can actually > use it… I've been looking through the sling source code and I haven't found > anything that uses the new system yet. Are there any examples? > > I just want to get hold of a ResourceResolver using the new system, and this > should be the repository's admin user. I'm only writing a simple datastore > garbage collector service. In fact, all of my services will probably run as > the admin user - at this time I have no plans for users/user management. > > This will happen in one of my services. Even if I add my service to the > ServiceUserMapperImpl configuration it looks like I still need to have the > credentials for the admin user. > > Rob > > On Oct 19, 2013, at 11:14 PM, Robert A. Decker wrote: > >> Ok, I'm not proud of this, but so far this is what I've come up with for >> getting the admin password from the repository configuration so that I can >> use the new resourceResolverFactory.getServiceResourceResolver(credentials) >> way. >> >> Configuration[] configs = >> configAdmin.listConfigurations("(service.factoryPid=org.apache.sling.jcr.jackrabbit.server.SlingServerRepository)"); >> >> for (Configuration aConfig : configs) { >> Dictionary props = aConfig.getProperties(); >> LOGGER.debug(props != null ? >> props.get("admin.password").toString() : "null"); >> } >> >> I can put this in my service to get the admin user's password. >> >> But is there a more straightforward way? This pulls it out of the >> configuration, but is there a way to pull it out of the repository/user >> itself? >> >> Should I instead be using the >> org.apache.jackrabbit.api.security.user.UserManager to get the User, then >> org.apache.jackrabbit.api.security.user.User getCredentials method? >> >> Rob >> >> >> On Oct 19, 2013, at 5:57 PM, Robert A. Decker wrote: >> >>> Hi, >>> >>> I'm trying out the new recommended way of getting access to your repository >>> (no longer using loginAdministrative/getAdministrativeResourceResolver). >>> >>> I see that you can get credentials from SlingServerRepository: >>> SlingServerRepository.getAdministrativeCredentials(String adminUser) to get >>> my admin user's credential information. >>> >>> But it doesn't look like it's exposed through a service. >>> >>> If you go to: >>> http://server/system/console/status-Configurations >>> >>> You can see your admin user's credentials. >>> >>> Is there a recommended way to access a user's credentials? I don't want to >>> put them in config files. >>> >>> Rob >> >> >
smime.p7s
Description: S/MIME cryptographic signature
