Expand my Community achievements bar.

SOLVED

How SlingAuthenticationHandler talks to CRXLogin module

Avatar

Level 6

  I read about this point here. But after I could not able to figure out how AuthenticationInfo object is passed to CRXLoginModule . What I have understood the flow of SlingAuthenticationHandler is as follows -

1.SlingAuthenticator calls the AuthenticationHandler (the CQ default is TokenAuthenticationHandler)

2. The AuthenticationHandler returns AuthenticationInfo with username and password. In the code of SlingAuthenticationHandler and it just sends the AuthenticationInfo object from TokenUtil.createCredentials(request, response, this.repository, username, true); The code of TokenUtil class says - 

adminSession = repository.loginAdministrative(null);

   SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
      sc.setAttribute(".token", "");
      userSession = adminSession.impersonate(sc);

      TokenCredentials tc = new TokenCredentials((String)sc.getAttribute(".token"));
      AuthenticationInfo authInfo = new AuthenticationInfo("TOKEN", userId);
      authInfo.put("user.jcr.credentials", tc);

3. adminSession.impersonate(sc) calls org.apache.jackrabbit.core.SessionImpl.impersonate(Credential crd) which again calls org.apache.jackrabbit.core.RepositoryImpl.login and it allows to login and creates token in commit() method of org.apache.jackrabbit.core.security.authentication.DefaultLoginModule . 

Questions: Q1) How CRXLoginModule is invoked when adminSession.impersonate(sc)  is executed? Which class file is responsible for this? 

Q2) I saw the code of SlingAuthenticator but it does not call javax.jcr.RepositoryFactory or com.day.crx.core.CRXRepositoryFactory. How sling passes AuthenticationInfo object to CRXLoginModule? 

Kindly help me to understand the flow. Appriciate your help!

Best regards,

Sam

1 Accepted Solution

Avatar

Correct answer by
Employee

Hi Sam,

Regardless of how they are formed, the SlingAuthenticator takes the AuthenticationInfo object (which is fundamentally just a map) and passes it into the ResourceResolverFactory.getResourceResolver() method. In turn, the JcrResourceProviderFactory (or JcrResourceResolverFactory, depending on what version of AEM you're using) transforms this map into a Credentials object and then passes it to Repository.login() which then invokes the JAAS login modules.

Regards,

Justin

View solution in original post

3 Replies

Avatar

Correct answer by
Employee

Hi Sam,

Regardless of how they are formed, the SlingAuthenticator takes the AuthenticationInfo object (which is fundamentally just a map) and passes it into the ResourceResolverFactory.getResourceResolver() method. In turn, the JcrResourceProviderFactory (or JcrResourceResolverFactory, depending on what version of AEM you're using) transforms this map into a Credentials object and then passes it to Repository.login() which then invokes the JAAS login modules.

Regards,

Justin

Avatar

Level 6

Thanks Justin for the clarification :)