SlingAuthenticator (Apache Sling Authentication Service 1.4.2 API)

java.lang.Object
- org.apache.sling.auth.core.impl.SlingAuthenticator

All Implemented Interfaces:: EventListener, javax.servlet.ServletRequestListener, org.apache.sling.api.auth.Authenticator, AuthenticationSupport

@Service(value={org.apache.sling.api.auth.Authenticator.class,AuthenticationSupport.class,javax.servlet.ServletRequestListener.class})
 @Property(name="osgi.http.whiteboard.context.select",value="(osgi.http.whiteboard.context.name=*)") @Property(name="osgi.http.whiteboard.listener",value="true") @Property(name="service.vendor",value="The Apache Software Foundation")
public class SlingAuthenticator
extends Object
implements org.apache.sling.api.auth.Authenticator, AuthenticationSupport, javax.servlet.ServletRequestListener

The SlingAuthenticator class is the default implementation for handling authentication. This class supports :

Support for login sessions where session ids are exchanged with cookies
Support for multiple authentication handlers, which must implement the AuthenticationHandler interface.

Currently this class does not support multiple handlers for any one request URL.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`PAR_ANONYMOUS_ALLOWED`
`static String`	`PAR_AUTH_URI_SUFFIX` The name of the configuration property used to set a (potentially empty) list of request URI suffixes intended to be handled by authentication handlers.
`static String`	`PAR_IMPERSONATION_COOKIE_NAME`
`static String`	`PAR_IMPERSONATION_PAR_NAME`
`static String`	`PAR_REALM_NAME` The name of the configuration property used to set the Realm of the built-in HTTP Basic authentication handler.

Fields inherited from interface org.apache.sling.api.auth.Authenticator
LOGIN_RESOURCE, SERVICE_NAME

Fields inherited from interface org.apache.sling.auth.core.AuthenticationSupport
REDIRECT_PARAMETER, REQUEST_ATTRIBUTE_RESOLVER, SERVICE_NAME

Constructor Summary

Constructors
Constructor and Description

SlingAuthenticator()

Constructors
Constructor and Description
`SlingAuthenticator()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`handleSecurity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Checks the authentication contained in the request.
`void`	`login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Requests authentication information from the client.
`void`	`logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Logs out the user calling all applicable `AuthenticationHandler` authentication handlers.
`void`	`requestDestroyed(javax.servlet.ServletRequestEvent sre)`
`void`	`requestInitialized(javax.servlet.ServletRequestEvent sre)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - PAR_IMPERSONATION_COOKIE_NAME
```
@Property(value="sling.sudo")
public static final String PAR_IMPERSONATION_COOKIE_NAME
```
    See Also:
    
    Constant Field Values
  - PAR_IMPERSONATION_PAR_NAME
```
@Property(value="sudo")
public static final String PAR_IMPERSONATION_PAR_NAME
```
    See Also:
    
    Constant Field Values
  - PAR_ANONYMOUS_ALLOWED
```
@Property(boolValue=true)
public static final String PAR_ANONYMOUS_ALLOWED
```
    See Also:
    
    Constant Field Values
  - PAR_REALM_NAME
```
@Property(value="Sling (Development)")
public static final String PAR_REALM_NAME
```
    The name of the configuration property used to set the Realm of the built-in HTTP Basic authentication handler.
    
    See Also:
    
    Constant Field Values
  - PAR_AUTH_URI_SUFFIX
```
@Property(value="/j_security_check",
          unbounded=ARRAY)
public static final String PAR_AUTH_URI_SUFFIX
```
    The name of the configuration property used to set a (potentially empty) list of request URI suffixes intended to be handled by authentication handlers.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - SlingAuthenticator
```
public SlingAuthenticator()
```
- Method Detail
  - handleSecurity
```
public boolean handleSecurity(javax.servlet.http.HttpServletRequest request,
                              javax.servlet.http.HttpServletResponse response)
```
    Checks the authentication contained in the request. This check is only based on the original request object, no URI translation has taken place yet.
    
    Specified by:
    
    handleSecurity in interface AuthenticationSupport
    
    Parameters:
    
    request - The request object containing the information for the authentication.
    
    response - The response object which may be used to send the information on the request failure to the user.
    
    Returns:
    
    true if request processing should continue assuming successful authentication. If false is returned it is assumed a response has been sent to the client and the request is terminated.
  - login
```
public void login(javax.servlet.http.HttpServletRequest request,
                  javax.servlet.http.HttpServletResponse response)
```
    Requests authentication information from the client. Returns true if the information has been requested and request processing can be terminated. Otherwise the request information could not be requested and the request should be terminated with a 403/FORBIDDEN response.
    Any response sent by the handler is also handled by the error handler infrastructure.
    
    Specified by:
    
    login in interface org.apache.sling.api.auth.Authenticator
    
    Parameters:
    
    request - The request object
    
    response - The response object to which to send the request
    
    Throws:
    
    IllegalStateException - If response is already committed
    
    org.apache.sling.api.auth.NoAuthenticationHandlerException - If no authentication handler claims responsibility to authenticate the request.
  - logout
```
public void logout(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)
```
    Logs out the user calling all applicable AuthenticationHandler authentication handlers.
    
    Specified by:
    
    logout in interface org.apache.sling.api.auth.Authenticator
  - requestInitialized
```
public void requestInitialized(javax.servlet.ServletRequestEvent sre)
```
    Specified by:
    
    requestInitialized in interface javax.servlet.ServletRequestListener
  - requestDestroyed
```
public void requestDestroyed(javax.servlet.ServletRequestEvent sre)
```
    Specified by:
    
    requestDestroyed in interface javax.servlet.ServletRequestListener

Class SlingAuthenticator

Field Summary

Fields inherited from interface org.apache.sling.api.auth.Authenticator

Fields inherited from interface org.apache.sling.auth.core.AuthenticationSupport

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

PAR_IMPERSONATION_COOKIE_NAME

PAR_IMPERSONATION_PAR_NAME

PAR_ANONYMOUS_ALLOWED

PAR_REALM_NAME

PAR_AUTH_URI_SUFFIX

Constructor Detail

SlingAuthenticator

Method Detail

handleSecurity

login

logout

requestInitialized

requestDestroyed