Normal Description
Inject credentials into the CMS with a servlet request attribute. This removes the responsibility of creating the credentials object from the plugin framework and into either
- a login plugin (for the cms or console applications)
- a servlet (portlet?) filter
When possible, use the (serializable) Credentials interface, don't depend on the SimpleCredentials implementation.
It should also be possible to implement logout; i.e. when a user logs out in a single sign on environment, it should be possible for this environment to log the user out from the cms/repository as well.
This feature would remove the necessity to subclass the frontend engine Main class to provide credentials to the CMS.