Adobe Experience Manager Sites & More

Justin,

No HttpServletRequest.getSession does not have a getUserId method. 

The reason we need to do this because we use a third party commerce system, that handles all log on functions. We use the custom auth for certain areas of the site where you need to have special permissions to view. So We check with the commerce system if the user has permission to view the page if yes great if not then dont show. However if the user is on the author then there is no third party commerce system and they sign in using the standard cq5 authentication. So what I want to do is get that authentication and return it from the custom auth. I have tried returning null hoping that it bubbles up to the default authentication handler but unfortunately it doesn't. I realise I could do an isAuthor check but I want to find a way of getting the cq5 user especially because we will be moving to using cq5 for handling authorisation. 

So in essence my question is how can I from a class get the current users CQ5 authentication info and/or signal that the custom authentication wants the default cq5 authentication to take over and perform the authentication.

Thanks

Tom 

I was refererring to javax.jcr.Session. See http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Session.html#getUserID().

But mostly you shouldn't be handling authorization in this. JCR has built-in authorization, so you do not need to implement the logic to handle "if the user has permissions ot view the page...if not then don't show."

If you need custom authentication, write an AuthenticationHandler (and returning null definitely work as a return value of the extractCredentials() method). But assuming you authorization needs are met by the privledges already handled by the repository, there's no need to reinvent that wheel.