I have two use cases where user should get login automatically without prompting him login page.
As soon as user is registered we should make him login and redirect to home page.
Whenever a promotional email sent to registered users and if he tries to access any site link, then we should show the page directly without prompting him the login page.
All our sites are CUG enabled sites, so whenever a request is coming for a CUG page, the request was redirected to login page automatically if user is not logged in.
But we want to suppress this behavior and make him login in above two use cases.
Currently we are using token based authentication to our sites by extending AbstractAuthenticationHandler.
In forums I found that we can use SSO Handler, but there was no detail explanation on that.
Any suggestions are worth welcomed.
I Think you can implement both use case in your custom authentication handler
try to return null or some valid credentialInfo in http://sling.apache.org/apidocs/sling6/org/apache/sling/auth/core/spi/AuthenticationHandle r.html#extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) for above two cases.
Extract credential has access to request and response object.
thanks for the reply..
i tried using: return new AuthenticationInfo("BASIC", "testuser",new char);
but no luck
the main challenge i am facing here is i don't have user password with me to login.
i can't even retrieve user password from user node as it SHA-1 encrypted.
generally using login form, user enters username and password and when the form submits, we have access to user name and password in handler so i can construct a AuthenticationInfo and return it.
where as here, user enters nothing.. we have only user name appended to page url and coming as request parameter to us.
so with out password i should login the request programatically.
can you please help out in this specific point