[SLING-966] Make internal sling authentication publicly available - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Auth Core 1.0.0
Component/s: Authentication
Labels:
None

Description

Currently the SlingAuthenticator is an internal class in the Engine bundle, which is used by the SlingMainServlet to handle the authentication as part of an OSGi HTTP Service specification HttpContext object.

To use the Sling authentication framework with the Authenticator and the AuthenticationHandlers outside of the SlingMainServlet, that is for other servlets directly registered with the OSGi HttpService the authentication functionality should be made publicly available.

One approach would be to provide a new authenticate() method in the Authenticator interface. Another option would be to provide an abstract HttpContext which already implements the HttpContext.handleSecurity method using the SlingAuthenticator instance.