atom feed9 messages in Sling API and Commons Auth API
FromSent OnAttachments
Carsten ZiegelerMar 10, 2010 9:57 am 
Mike MüllerMar 13, 2010 10:14 pm 
Mike MüllerMar 13, 2010 10:41 pm 
Felix MeschbergerMar 15, 2010 12:14 am 
Carsten ZiegelerMar 15, 2010 2:45 am 
Clemens WyssMar 15, 2010 10:40 am 
Mike MüllerMar 16, 2010 1:17 pm 
Justin EdelsonMar 16, 2010 1:34 pm 
Mike MüllerMar 18, 2010 4:41 pm 
Subject:Merging Sling API and Commons Auth API
From:Carsten Ziegeler (
Date:Mar 10, 2010 9:57:28 am


while working on the ResourceResolverFactory I noticed some problems. We plan to let the SlingAuthenticator directly use the ResourceResolverFactory to authenticate. This removes all dependencies to JCR from the authentication and gives us much more flexibility.

However, currently the constants for things like user, password etc are defined in the AuthenticationInfo. In fact, these are constants that should be defined by the ResourceResovlerFactory because this is the service that is used for authentication.

I briefly discussed this with Felix and we both came to the conclusion that in fact the commons auth is not really commons :) It is more an auth api for Sling.

Therefore it seems to make sense to move the api from commons auth into the Sling API. So we have one single API to deal with. The implementation of the auth would stay in a separate bundle (together with the compatibility stuff for the older engine auth).

Before discussing the details like which packages to use etc. what do you think in general about this?