Pre-authenticated login from Sling to Oak

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Pre-authenticated login from Sling to Oak

Dmitry
Hi,

As per the document [1], to pre-authenticate a user in the Sling tier,  one needs to do the following:

> 1. verify the identity in the layer on top of the JCR repository (e.g. in a custom Sling Authentication Handler)
> 2. pass a custom, non-public Credentials implementation to the repository login

The 1st step is clear, I was able to create a custom AuthenticationHandler and verify the identity. But how exactly do I pass custom Credentials implementation to the repository login?

AuthenticationHandler should return AuthenticationInfo, which is actually a HashMap<String, Object> with well-defined fields like user and password. I guess I have to put my custom Credentials instance there, but under what key?

Thanks in advance,
Dmitry

[1] http://jackrabbit.apache.org/oak/docs/security/authentication/preauthentication.html
Reply | Threaded
Open this post in threaded view
|

Re: Pre-authenticated login from Sling to Oak

Robert Munteanu-2

Hi Dmitry,

On Tue, 2018-08-14 at 03:59 +0300, Dmitry Telegin wrote:

> Hi,
>
> As per the document [1], to pre-authenticate a user in the Sling
> tier,  one needs to do the following:
>
> > 1. verify the identity in the layer on top of the JCR repository
> > (e.g. in a custom Sling Authentication Handler)
> > 2. pass a custom, non-public Credentials implementation to the
> > repository login
>
> The 1st step is clear, I was able to create a custom
> AuthenticationHandler and verify the identity. But how exactly do I
> pass custom Credentials implementation to the repository login?

My reading of the Oak page is that you should do that in step 3.
"create a custom login module that only supports these dedicated
credentials". If you look at the code example on that page, it does
exactly that

        sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(userId));
        sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId, new char[0]));
        sharedState.put(SHARED_KEY_LOGIN_NAME, userId);

And the credential implementation seems to the SimpleCredentials with an empty password.

Does that work for you?

Robert