Hi Nicola,

On Wed, 2020-12-02 at 16:41 +0100, Nicola Cisternino wrote:
> Hi all.
>
> I am exploring the Sling Form Based AuthenticationHandler
> <https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java>
> to understand how to use it in a SPA login.
> Documentation
> <https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html>
> says to use (for Ajax calls) the *j_validate* parameter to just validate
> the credentials.
> So the login call would be something like:
>
> curl -v -F 'j_username=admin' -F 'j_password=admin' -F 'j_validate=true' http://localhost:8080/j_security_check
>
> My questions are:
> 1) Is /j_security_check the correct endpoint for javascript login
> call?

Yes.

> 2) What are the differences using the /system/sling/login endpoint
> (servlet)?

The /system/sling/{login,logout} paths are entry points for browsers.

> 3) What are the "LoginServlet
> <https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java>"
> and "LogoutServlet
> <https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java>"
> intended for?

See above.

> 4) Can I map the login request with a custom endpoint (for example:
> /ws/login)?

You can probably mount the SlingLoginServlet at a different path, but I
think it's simplest to redirect/rewrite from an intermediate HTTP
server, such as Apache HTTPd.

> 5) What would be the best way to extend the Form Based
> AuthenticationHandler functionality making it work with a json payload
> that returns the token in the response (and send it in a X-Authorization
> header)?

I am not sure about that, maybe someone else on the list knows. I guess
you can always try and write your own authentication handler, but I
have not tried that yet.

Hope this helps,
Robert