Home » Documentation » The Sling Engine » Authentication

Authentication - Tasks

Authentication of HTTP Requests is generally a two-step process: First the credentials must be extracted from the request and second the credentials must be validated. In the case of Sling this means acquiring a JCR Session.

Extract Credentials from the Request¶

Implemented and controlled by the Sling Auth Core bundle
Takes HttpServletRequest
Provides credentials for futher processing (basically JCR Credentials and Workspace name)
Extensible with the help of AuthenticationHandler services

Implemented and controlled by the JCR Repository
Takes JCR Credentials and Workspace name
Provides a JCR Session
Implementation dependent process. Jackrabbit provides extensibility based on LoginModules; Sling's Embedded Jackrabbit Repository bundle provides extensibility with LoginModulePlugin services.

Currently the credentials are always verified by trying to login to the JCR repository. Once an ResourceResolverFactory API has been added, the process of validating the credentials and logging in is actualy replaced by a process of requesting a ResourceResolver from the ResourceResolverFactory. Of course, the JCR Repository will still be the main underlying repository and as such be used to validate the credentials and get a JCR Session.

Rev. 1593323 by olli on Thu, 8 May 2014 16:33:44 +0000

Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.

Authentication - Tasks

Extract Credentials from the Request¶

Login to the JCR Repository¶