I read about this point here. But after I could not able to figure out how AuthenticationInfo object is passed to CRXLoginModule . What I have understood the flow of SlingAuthenticationHandler is as follows -
1.SlingAuthenticator calls the AuthenticationHandler (the CQ default is TokenAuthenticationHandler)
2. The AuthenticationHandler returns AuthenticationInfo with username and password. In the code of SlingAuthenticationHandler and it just sends the AuthenticationInfo object from TokenUtil.createCredentials(request, response, this.repository, username, true); The code of TokenUtil class says -
adminSession = repository.loginAdministrative(null);
SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
sc.setAttribute(".token", "");
userSession = adminSession.impersonate(sc);
TokenCredentials tc = new TokenCredentials((String)sc.getAttribute(".token"));
AuthenticationInfo authInfo = new AuthenticationInfo("TOKEN", userId);
authInfo.put("user.jcr.credentials", tc);
3. adminSession.impersonate(sc) calls org.apache.jackrabbit.core.SessionImpl.impersonate(Credential crd) which again calls org.apache.jackrabbit.core.RepositoryImpl.login and it allows to login and creates token in commit() method of org.apache.jackrabbit.core.security.authentication.DefaultLoginModule .
Questions: Q1) How CRXLoginModule is invoked when adminSession.impersonate(sc) is executed? Which class file is responsible for this?
Q2) I saw the code of SlingAuthenticator but it does not call javax.jcr.RepositoryFactory or com.day.crx.core.CRXRepositoryFactory. How sling passes AuthenticationInfo object to CRXLoginModule?
Kindly help me to understand the flow. Appriciate your help!
Best regards,
Sam
