3 Replies Latest reply on Feb 22, 2013 2:55 AM by Paolo Tognola

    Custom Authentication/Authorization with LoginModulePlugin - Missing Sling 6 API

    Paolo Tognola

      We have users accessing the publisher instance, whose profiles are managed with an external system and injected on their requests to cq by an upstream proxy (as headers).
      We do not (and can not) have those users themselves in the repository only group principals that those users have.


      We have implemented a custom authentication handler for this situation (authenticating against the injected request headers,which works) and additionally planned to have a custom LoginModulePlugin (as described with the sling 6 api) to enrich the subject by the addPrincipal method with the group memberships from the headers (groups which actually exist in the repo).

       

       

      But these api's are not available in CQ 5.5 / 5.6. Regardless of whether using CRXDE or CRXDELight.

       

       

      As said i need different types (LoginModulePlugin, AuthenticationPlugin, AccessManagerPlugin, ...) from the Sling 6:
      org.apache.sling.jcr.jackrabbit.server.security
      org.apache.sling.jcr.jackrabbit.server.security.accessmanager

       

       

      Is there any reason for this?
      And most important, is there any alternative approach?

       

      Many thanks for any hints on this!

      Regards

      Paolo