Hi all.

I am exploring the Sling Form Based AuthenticationHandler <https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java> to understand how to use it in a SPA login. Documentation <https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html> says to use (for Ajax calls) the *j_validate* parameter to just validate the credentials.
So the login call would be something like:

curl -v -F 'j_username=admin' -F 'j_password=admin' -F 'j_validate=true' http://localhost:8080/j_security_check

My questions are:
1) Is /j_security_check the correct endpoint for a JavaScript login call?
2) What are the differences using the /system/sling/login endpoint (servlet)?
3) What are the "LoginServlet <https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java>" and "LogoutServlet <https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java>" intended for?
4) Can I map the login request with a custom endpoint (for example: /ws/login)?
5) What would be the best way to extend the Form Based AuthenticationHandler functionality, making it work with a JSON payload that returns the token in the response (and send it in an X-Authorization header)?

Greets.
Nicola.
