SOLVED

How SlingAuthenticationHandler talks to CRXLogin module

Sam205505050
Level 6

I read about this point here, but afterwards I was not able to figure out how the AuthenticationInfo object is passed to CRXLoginModule. What I have understood of the flow of SlingAuthenticationHandler is as follows:

1. SlingAuthenticator calls the AuthenticationHandler (the CQ default is TokenAuthenticationHandler).

2. The AuthenticationHandler returns AuthenticationInfo with username and password. The code of SlingAuthenticationHandler just sends the AuthenticationInfo object from TokenUtil.createCredentials(request, response, this.repository, username, true). The code of the TokenUtil class says:

    adminSession = repository.loginAdministrative(null);

    SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
    sc.setAttribute(".token", "");
    userSession = adminSession.impersonate(sc);

    TokenCredentials tc = new TokenCredentials((String) sc.getAttribute(".token"));
    AuthenticationInfo authInfo = new AuthenticationInfo("TOKEN", userId);
    authInfo.put("user.jcr.credentials", tc);

3. adminSession.impersonate(sc) calls org.apache.jackrabbit.core.SessionImpl.impersonate(Credential crd), which in turn calls org.apache.jackrabbit.core.RepositoryImpl.login; this allows the login and creates the token in the commit() method of org.apache.jackrabbit.core.security.authentication.DefaultLoginModule.

Questions:

Q1) How is CRXLoginModule invoked when adminSession.impersonate(sc) is executed? Which class file is responsible for this?

Q2) I saw the code of SlingAuthenticator, but it does not call javax.jcr.RepositoryFactory or com.day.crx.core.CRXRepositoryFactory. How does Sling pass the AuthenticationInfo object to CRXLoginModule?

Kindly help me to understand the flow. Appreciate your help!

Best regards,

Sam

1 Accepted Solution
Correct answer by justin_at_adobe (Employee)

Hi Sam,

Regardless of how they are formed, the SlingAuthenticator takes the AuthenticationInfo object (which is fundamentally just a map) and passes it into the ResourceResolverFactory.getResourceResolver() method. In turn, the JcrResourceProviderFactory (or JcrResourceResolverFactory, depending on what version of AEM you're using) transforms this map into a Credentials object and then passes it to Repository.login() which then invokes the JAAS login modules.

Regards,

Justin
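
The chain described in this answer (auth-info map, then credentials, then login(), then the JAAS login module), as an added example that is not part of the original thread and is not Sling, Jackrabbit or CRX code. It uses only the JDK's JAAS classes; AuthFlowDemo, DemoLoginModule, repositoryLogin and the sample user and token are constructed stand-ins.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Simplified model only: every class and method name below is a hypothetical stand-in.
public class AuthFlowDemo {
    // Plays the role of the repository's login module (the part CRXLoginModule has in the thread).
    public static class DemoLoginModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            handler = h;
        }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            PasswordCallback pw = new PasswordCallback("token", false);
            // The module never sees the map; it pulls the credentials through the callback handler.
            try { handler.handle(new Callback[] { name, pw }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            if (!"sample-token".equals(new String(pw.getPassword()))) // constructed sample secret
                throw new FailedLoginException("bad token for " + name.getName());
            System.out.println("login module authenticated " + name.getName());
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // Plays the role of Repository.login(Credentials): wraps the credentials for JAAS and runs the modules.
    static void repositoryLogin(String userId, char[] token) throws LoginException {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String appName) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler ch = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(userId);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(token);
            }
        };
        new LoginContext("demo", null, ch, cfg).login(); // JAAS calls initialize(), login(), commit()
    }
    public static void main(String[] args) throws Exception {
        // Plays the role of AuthenticationInfo ("fundamentally just a map") and of the resolver
        // factory step that turns the map into credentials before calling login.
        Map<String, Object> authInfo = Map.of("user.name", "sam", "user.jcr.credentials", "sample-token".toCharArray());
        repositoryLogin((String) authInfo.get("user.name"), (char[]) authInfo.get("user.jcr.credentials"));
    }
}
```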


3 Replies

Sam205505050
Level 6

Thanks Justin for the clarification 🙂