AbstractAuthenticationFormServlet provides a basic implementation of a simple servlet to render a login form for authentication purposes.
AuthenticationHandler implementations should extend DefaultAuthenticationFeedbackHandler directly and use the utility methods in the AuthUtil class.
AbstractAuthenticationHandlerHolder is a base class to represent authentication handlers (both legacy and new ones) for use in the SlingAuthenticator.
org.apache.sling.auth.core.impl.SlingAuthenticator.
AuthenticationHandler service to indicate whether its AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method supports non-browser requests (according to AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest)) or not.
AuthenticationInfo object returned by the AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method indicating a first authentication considered to be a login.
sling.auth.requirements registration property which is used to dynamically extend the authentication requirements for the AuthenticationSupport.
AuthenticationHandler.
AuthConstants provides a collection of constants used to configure and customize the Sling authentication infrastructure.
authInfo map.
AuthenticationFeedbackHandler may be implemented by AuthenticationHandler services to request being informed on the success or failure of authentication.
AuthenticationHandler interface defines the service API used by the authentication implementation to support plugging in various ways of extracting credentials from the request.
AuthenticationHandler instead
invalid_login: indicates username/password mismatch.
password_expired: indicates password has expired or was never set and change initial password is enabled
account_locked: the account was disabled or locked
account_not_found: the account was not found (not the same as username password mismatch)
AuthenticationInfo conveys any authentication credentials and/or details extracted by the AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method from the request.
AuthenticationInfo.AuthenticationInfo(String, Credentials, String) method would be called with a null workspace name.
authInfo map.
DefaultAuthenticationFeedbackHandler.handleRedirect(HttpServletRequest, HttpServletResponse) method to optionally redirect the request after successful authentication.
AuthenticationSupport provides the service API used to implement the HttpContext.handleSecurity method as defined in the OSGi Http Service specification.
AuthenticationSupport instead
AuthUtil provides utility functions for implementations of AuthenticationHandler services and users of the Sling authentication infrastructure.
AuthenticationInfo.AUTH_TYPE property.
other PathBasedHolder instance.
AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method to inform the caller, that a response has been sent to the client to request for credentials.
authenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method to indicate an ongoing authentication transaction.
AuthenticationHandler.PATH_PROPERTY request attribute to
this PathBasedHolder.fullPath and calls the
AbstractAuthenticationHandlerHolder.doDropCredentials(HttpServletRequest, HttpServletResponse) to
have the credentials dropped by the held authentication handler.
EngineAuthenticationHandlerHolder class represents an old-style Sling AuthenticationHandler service in the internal data structure of the SlingAuthenticator.
EngineSlingAuthenticator class is a simple proxy service providing the old Sling Engine Authenticator service calling into the new standalone Apache Sling AuthenticationSupport service.
true if the other object is the same as this or if it is an instance of the same class with the same full path and the same provider (ServiceReference).
AuthenticationHandler.PATH_PROPERTY request attribute to
this PathBasedHolder.fullPath and calls the
AbstractAuthenticationHandlerHolder.extractCredentials(HttpServletRequest, HttpServletResponse) to
have the credentials extracted from the request.
AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method to inform the caller that credential extraction failed for some reason.
AuthenticationHandler.extractCredentials(HttpServletRequest, HttpServletResponse) method if AuthenticationInfo.FAIL_AUTH is returned.
AuthenticationHandler.extractCredentials(HttpServletRequest, HttpServletResponse) method if AuthenticationInfo.FAIL_AUTH is returned.
AuthUtil.getAttributeOrParameter(HttpServletRequest, String, String)
AuthenticationInfo.AUTH_TYPE property in this map.
Class.getResourceAsStream.
Class.getResourceAsStream.
null if none is provided.
AuthUtil.getLoginResource(HttpServletRequest, String)
ResourceResolverFactory.PASSWORD property or null if the password is not set in this map.
j_reason request parameter.
resource request parameter.
ResourceResolverFactory.USER property or null if the user is not set in this map.
true if the request has been redirected.
HttpContext instance extracting credentials from the request using any registered AuthenticationHandler services.
true if the request is to be considered an AJAX request placed using the XMLHttpRequest browser host object.
true if the given request can be assumed to be sent by a client browser such as Firefox, Internet Explorer, etc.
true if the given redirect target is valid according to the following list of requirements:
  The target is neither null nor an empty string
  The target is not a URL, which is identified by the character sequence :// separating the scheme from the host
  The target is normalized such that it contains no consecutive slashes and no path segment contains a single or double dot
  The target must be prefixed with the servlet context path
  If a ResourceResolver is available as a request attribute the target (without the servlet context path prefix) must resolve to an existing resource
  If a ResourceResolver is not available as a request attribute the target must be an absolute path starting with a slash character and must not contain any of the characters <, >, ', or " in plain or URL encoding
AuthUtil.isRedirectValid(HttpServletRequest, String). Use the latter method.
true if the client just asks for validation of submitted username/password credentials.
AuthUtil.isValidateRequest(HttpServletRequest)
AuthenticationHandler for the given request and call its requestAuthentication(HttpServletRequest, HttpServletResponse) method to initiate an authentication process with the client to login to Sling.
LoginServlet lets the Authenticator do the login.
AuthenticationHandler authentication handlers.
LogoutServlet lets the Authenticator do the logout.
Authenticator
AuthUtil class.
PathBasedHolder provides the basic abstraction for managing authentication handler and authentication requirements in the SlingAuthenticator with the following base functionality:
  Provide location of control through its path fields
  Support orderability of instances by being Comparable and ordering according to the PathBasedHolder.fullPath and the ServiceReference of the provider service
  Support PathBasedHolder.equals(Object) and PathBasedHolder.hashCode() compatible with the Comparable implementation.
serviceReference.
key to a new value.
key and returns its former value (if existing).
AuthenticationSupport.handleSecurity(HttpServletRequest, HttpServletResponse) method if authentication succeeds and true is returned.
type if authentication will be requested through AuthenticationHandler.requestCredentials(HttpServletRequest, HttpServletResponse).
AuthenticationHandler.PATH_PROPERTY request attribute to this PathBasedHolder.fullPath and calls the AbstractAuthenticationHandlerHolder.doRequestCredentials(HttpServletRequest, HttpServletResponse) to have the credentials requested from the client.
AuthConstants.X_REASON header.
AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse)
AuthUtil.sendRedirect(HttpServletRequest, HttpServletResponse, String, Map)
AuthUtil.sendValid(HttpServletResponse)
Authenticator.LOGIN_RESOURCE request attribute is set to a non-null, non-empty string.
AuthUtil.setLoginResourceAttribute(HttpServletRequest, String)
SlingAuthenticator class is the default implementation for handling authentication.
AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided credentials cannot be used for login.
AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided credentials cannot be used for login.
Copyright © 2007–2017 The Apache Software Foundation. All rights reserved.