Package org.apache.sling.auth.core.impl

Class SlingAuthenticator

  • All Implemented Interfaces:
    EventListener, javax.servlet.ServletRequestListener, org.apache.sling.api.auth.Authenticator, AuthenticationSupport
    public class SlingAuthenticator
extends Object
implements org.apache.sling.api.auth.Authenticator, AuthenticationSupport, javax.servlet.ServletRequestListener
    The SlingAuthenticator class is the default implementation for handling authentication. This class supports :
    • Support for login sessions where session ids are exchanged with cookies
    • Support for multiple authentication handlers, which must implement the AuthenticationHandler interface.

    Currently this class does not support multiple handlers for any one request URL.

    • Constructor Detail

      • SlingAuthenticator

        public SlingAuthenticator()

    • Method Detail

      • handleSecurity

        public boolean handleSecurity​(javax.servlet.http.HttpServletRequest request,
                              javax.servlet.http.HttpServletResponse response)
        Checks the authentication contained in the request. This check is only based on the original request object, no URI translation has taken place yet.

        Specified by:
        handleSecurity in interface AuthenticationSupport
        Parameters:
        request - The request object containing the information for the authentication.
        response - The response object which may be used to send the information on the request failure to the user.
        Returns:
        true if request processing should continue assuming successful authentication. If false is returned it is assumed a response has been sent to the client and the request is terminated.

      • login

        public void login​(javax.servlet.http.HttpServletRequest request,
                  javax.servlet.http.HttpServletResponse response)
        Requests authentication information from the client. Returns true if the information has been requested and request processing can be terminated. Otherwise the request information could not be requested and the request should be terminated with a 403/FORBIDDEN response.

        Any response sent by the handler is also handled by the error handler infrastructure.

        Specified by:
        login in interface org.apache.sling.api.auth.Authenticator
        Parameters:
        request - The request object
        response - The response object to which to send the request
        Throws:
        IllegalStateException - If response is already committed
        org.apache.sling.api.auth.NoAuthenticationHandlerException - If no authentication handler claims responsibility to authenticate the request.

      • logout

        public void logout​(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)
        Logs out the user calling all applicable AuthenticationHandler authentication handlers.
        Specified by:
        logout in interface org.apache.sling.api.auth.Authenticator

      • requestInitialized

        public void requestInitialized​(javax.servlet.ServletRequestEvent sre)
        Specified by:
        requestInitialized in interface javax.servlet.ServletRequestListener

      • requestDestroyed

        public void requestDestroyed​(javax.servlet.ServletRequestEvent sre)
        Specified by:
        requestDestroyed in interface javax.servlet.ServletRequestListener