Details
-
Feature Request
-
Resolution: Done
-
Major
-
2.4.0.Final
-
Documentation (Ref Guide, User Guide, etc.)
-
Low
Description
At the present time, the only way to use anonymous users is to not supply a Credentials object in the Repository.login methods. We should have an AnonymousCredentials class in 'modeshape-jcr-api' that can be used by applications that prefer to have a Credentials object:
Session session = repository.login(new AnonymousCredentials());
This would be done today with:
Session session = repository.login();
or
Session session = repository.login(null,workspaceName);
Also, we should create a ServletCredentials implementation in 'modeshape-web-jcr' that could be used as follows:
HttpServletRequest request = ...
Session session = repository.login(new ServletCredentials(request));
This is a little easier than the current mechanism:
HttpServletRequest request = ... SecurityContext securityContext = new ServletSecurityContext(request); Session session = repository.login(new SecurityContextCredentials(securityContext));
This change would not break any existing application code, but merely provides alternatives that are slightly easier to use.
Attachments
Issue Links
- is related to
-
-
- Closed
-
