We have users accessing the publisher instance, whose profiles are managed with an external system and injected on their requests to cq by an upstream proxy (as headers).
We do not (and can not) have those users themselves in the repository only group principals that those users have.
We have implemented a custom authentication handler for this situation (authenticating against the injected request headers,which works) and additionally planned to have a custom LoginModulePlugin (as described with the sling 6 api) to enrich the subject by the addPrincipal method with the group memberships from the headers (groups which actually exist in the repo).
But these api's are not available in CQ 5.5 / 5.6. Regardless of whether using CRXDE or CRXDELight.
As said i need different types (LoginModulePlugin, AuthenticationPlugin, AccessManagerPlugin, ...) from the Sling 6:
org.apache.sling.jcr.jackrabbit.server.security
org.apache.sling.jcr.jackrabbit.server.security.accessmanager
Is there any reason for this?
And most important, is there any alternative approach?
Many thanks for any hints on this!
Regards
Paolo