-
Bug
-
Resolution: Fixed
-
Critical
-
3.6.1
-
None
... or at least it shouldn't call login() in the JCRAuthenticationModule.
The problem is that JcrAuthorizationModule should be usable to handle jcr authorization (expand groups and roles to ACLs), regardless of the authentication method used. But if you try to supply a different Authorization module, at least if this module uses different callbacks from the JcrAuthenticationModule, the login() method in the JCRAuthenticationModule will never pass.
Acceptance criteria