Is digest authentication in Apache Sling possible?
Is digest auth possible in Apache Sli开发者_JS百科ng? If so any pointers appreciated!
It's not currently supported but it's definitely possible to add it.
In Sling, an AuthenticationHandler extracts credentials from an HTTP request for authentication by JackRabbit. The source for the standard HTTP AuthenticationHandler is here:
http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/
It doesn't currently support digest authentication, but would serve as a starting point for building it.
Theoretically digest would be possible. But since Jackrabbit stores user passwords in hashed form it would probably not be easy to implemented.
IMHO using SSL with Basic Authentication might be preferrable to using Digest authentication.
Or you might want to consider different authentication mechanisms such as OpenID.
精彩评论