For example an external SSO login module can extract the userid from a servlet request and use it to authenticate against the repository. But instead of .