while working on the ResourceResolverFactory I noticed some problems.
We plan to let the SlingAuthenticator directly use the
ResourceResolverFactory to authenticate. This removes all dependencies
to JCR from the authentication and gives us much more flexibility.
However, currently the constants for things like user, password etc are
defined in the AuthenticationInfo. In fact, these are constants that
should be defined by the ResourceResovlerFactory because this is the
service that is used for authentication.
I briefly discussed this with Felix and we both came to the conclusion
that in fact the commons auth is not really commons :) It is more an
auth api for Sling.
Therefore it seems to make sense to move the api from commons auth into
the Sling API. So we have one single API to deal with. The
implementation of the auth would stay in a separate bundle (together
with the compatibility stuff for the older engine auth).
Before discussing the details like which packages to use etc. what do
you think in general about this?