I read about this point here, but afterwards I was not able to figure out how the AuthenticationInfo object is passed to CRXLoginModule. My understanding of the flow of SlingAuthenticationHandler is as follows:
1. SlingAuthenticator calls the AuthenticationHandler (the CQ default is TokenAuthenticationHandler).
2. The AuthenticationHandler returns AuthenticationInfo with username and password. In the code of SlingAuthenticationHandler, it just sends the AuthenticationInfo object from TokenUtil.createCredentials(request, response, this.repository, username, true); The code of the TokenUtil class says:
adminSession = repository.loginAdministrative(null);
SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
sc.setAttribute(".token", "");
userSession = adminSession.impersonate(sc);
TokenCredentials tc = new TokenCredentials((String)sc.getAttribute(".token"));
AuthenticationInfo authInfo = new AuthenticationInfo("TOKEN", userId);
authInfo.put("user.jcr.credentials", tc);
3. adminSession.impersonate(sc) calls org.apache.jackrabbit.core.SessionImpl.impersonate(Credential crd), which again calls org.apache.jackrabbit.core.RepositoryImpl.login, and it allows the login and creates the token in the commit() method of org.apache.jackrabbit.core.security.authentication.DefaultLoginModule.
Questions: Q1) How is CRXLoginModule invoked when adminSession.impersonate(sc) is executed? Which class file is responsible for this?
Q2) I saw the code of SlingAuthenticator, but it does not call javax.jcr.RepositoryFactory or com.day.crx.core.CRXRepositoryFactory. How does Sling pass the AuthenticationInfo object to CRXLoginModule?
Kindly help me to understand the flow. Appreciate your help!
Best regards,
Sam
Hi Sam,
Regardless of how they are formed, the SlingAuthenticator takes the AuthenticationInfo object (which is fundamentally just a map) and passes it into the ResourceResolverFactory.getResourceResolver() method. In turn, the JcrResourceProviderFactory (or JcrResourceResolverFactory, depending on what version of AEM you're using) transforms this map into a Credentials object and then passes it to Repository.login() which then invokes the JAAS login modules.
Regards,
Justin
Dear experts,
any help here?
Thanks Justin for the clarification :)