### Eclipse Workspace Patch 1.0
#P trunk
Index: oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiTokenProvider.java
===================================================================
--- oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiTokenProvider.java	(revision 0)
+++ oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiTokenProvider.java	(revision 0)
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.osgi;
+
+import java.util.Map;
+
+import javax.annotation.CheckForNull;
+import javax.jcr.Credentials;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
+
+/**
+ * {@link TokenProvider} implementation that combines all available OSGi
+ * token providers.
+ */
+public class OsgiTokenProvider  extends AbstractServiceTracker<TokenProvider> implements TokenProvider{
+
+    public OsgiTokenProvider() {
+        super(TokenProvider.class);
+    }
+
+    @Override
+    public boolean doCreateToken(Credentials credentials) {
+        return getProvider().doCreateToken(credentials);
+    }
+
+    @CheckForNull
+    @Override
+    public TokenInfo createToken(Credentials credentials) {
+        return getProvider().createToken(credentials);
+    }
+
+    @CheckForNull
+    @Override
+    public TokenInfo createToken(String userId, Map<String, ?> attributes) {
+        return getProvider().createToken(userId, attributes);
+    }
+
+    @CheckForNull
+    @Override
+    public TokenInfo getTokenInfo(String token) {
+        return getProvider().getTokenInfo(token);
+    }
+    
+    //------------------------------------------------------------< private >---
+    private TokenProvider getProvider() {
+        return CompositeTokenProvider.newInstance(getServices());
+    }
+
+}
Index: oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProviderConstants.java
===================================================================
--- oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProviderConstants.java	(revision 0)
+++ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProviderConstants.java	(revision 0)
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication.token;
+
+/**
+ * Constants for the token provider implementation
+ */
+public interface TokenProviderConstants {
+
+    String PARAM_TOKEN_PROVIDER = "tokenProvider";
+
+}
Index: oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java
===================================================================
--- oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java	(revision 1530700)
+++ oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java	(working copy)
@@ -34,6 +34,8 @@
 import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProviderConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
@@ -76,6 +78,8 @@
     private final OsgiAuthorizableActionProvider authorizableActionProvider = new OsgiAuthorizableActionProvider();
 
     private final OsgiRestrictionProvider restrictionProvider = new OsgiRestrictionProvider();
+    
+    private final OsgiTokenProvider tokenProvider = new OsgiTokenProvider();
 
     private final OsgiSecurityProvider securityProvider;
 
@@ -102,6 +106,9 @@
 
         authorizableActionProvider.start(bundleContext);
         restrictionProvider.start(bundleContext);
+        
+        tokenProvider.start(bundleContext);
+        
         securityProvider.start(bundleContext);
 
         microKernelTracker = new ServiceTracker(context, MicroKernel.class.getName(), this);
@@ -123,6 +130,7 @@
         repositoryInitializerTracker.stop();
         authorizableActionProvider.stop();
         restrictionProvider.stop();
+        tokenProvider.stop();
         securityProvider.stop();
 
         for(Registration r : registrations){
@@ -196,10 +204,15 @@
         Map<String, OsgiRestrictionProvider> authorizMap = ImmutableMap.of(
                 AccessControlConstants.PARAM_RESTRICTION_PROVIDER, restrictionProvider
         );
+        
+        Map<String, OsgiTokenProvider> authentMap = ImmutableMap.of(
+                TokenProviderConstants.PARAM_TOKEN_PROVIDER, tokenProvider
+        );
 
         ConfigurationParameters securityConfig = ConfigurationParameters.of(ImmutableMap.of(
                 UserConfiguration.NAME, ConfigurationParameters.of(userMap),
-                AuthorizationConfiguration.NAME, ConfigurationParameters.of(authorizMap)
+                AuthorizationConfiguration.NAME, ConfigurationParameters.of(authorizMap),
+                AuthenticationConfiguration.NAME, ConfigurationParameters.of(authentMap)
         ));
         return securityConfig;
     }
Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
===================================================================
--- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java	(revision 1530700)
+++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java	(working copy)
@@ -32,6 +32,7 @@
 import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProviderConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -134,9 +135,15 @@
      */
     @Nonnull
     @Override
-    public TokenProvider getTokenProvider(Root root) {
-        ConfigurationParameters tokenOptions = getParameters().getConfigValue(PARAM_TOKEN_OPTIONS, ConfigurationParameters.EMPTY);
-        UserConfiguration uc = getSecurityProvider().getConfiguration(UserConfiguration.class);
-        return new TokenProviderImpl(root, tokenOptions, uc);
+    public TokenProvider getTokenProvider(Root root) { 
+        TokenProvider tokenProvider = getParameters().getConfigValue(TokenProviderConstants.PARAM_TOKEN_PROVIDER,null,TokenProvider.class);
+        if(tokenProvider == null){
+            ConfigurationParameters tokenOptions = getParameters().getConfigValue(PARAM_TOKEN_OPTIONS, ConfigurationParameters.EMPTY);
+            UserConfiguration uc = getSecurityProvider().getConfiguration(UserConfiguration.class);
+            tokenProvider = new TokenProviderImpl(root, tokenOptions, uc);
+        }
+        
+        return tokenProvider;
+
     }
 }
\ No newline at end of file