We have users accessing the publisher instance, whose profiles are managed with an external system and injected on their requests to cq by an upstream proxy (as headers).
We do not (and can not) have those users themselves in the repository only group principals that those users have.
We have implemented a custom authentication handler for this situation (authenticating against the injected request headers,which works) and additionally planned to have a custom LoginModulePlugin (as described with the sling 6 api) to enrich the subject by the addPrincipal method with the group memberships from the headers (groups which actually exist in the repo).
But these api's are not available in CQ 5.5 / 5.6. Regardless of whether using CRXDE or CRXDELight.
As said i need different types (LoginModulePlugin, AuthenticationPlugin, AccessManagerPlugin, ...) from the Sling 6:
Is there any reason for this?
And most important, is there any alternative approach?
Many thanks for any hints on this!
From 5.5 onwards the repository runs inside an OSGi framework. Therefore you need to deploy your custom LoginModule as a fragment bundle and
attach it to the repository bundle. Details at http://dev.day.com/docs/en/crx/current/deploying/custom-login-modules.html
In addition to what Sham wrote, the LoginModulePlugin API is not available in CQ - you need to use only the JAAS and Jackrabbit/CRX APIs.
Hi Sham HC and Justin
many thanks for your feedbacks. I'll tryout and vrify the approach described in the docs you've posted.