org.apache.sling.auth.core
Interface AuthenticationSupport


public interface AuthenticationSupport

The AuthenticationSupport provides the service API used to implement the HttpContext.handleSecurity method as defined in the OSGi Http Service specification.

Bundles registering servlets and/or resources with custom HttpContext implementations may implement the handleSecurity method using this service. The handleSecurity(HttpServletRequest, HttpServletResponse) method implemented by this service exactly implements the specification of the HttpContext.handleSecurity method.

A simple implementation of the HttpContext interface based on this could be (using SCR JavaDoc tags of the Maven SCR Plugin) :

 /** @scr.component */
 public class MyHttpContext implements HttpContext {
     /** @scr.reference */
     private AuthenticationSupport authSupport;

     /** @scr.reference */
     private MimeTypeService mimeTypes;

     public boolean handleSecurity(HttpServletRequest request,
             HttpServletResponse response) {
         return authSupport.handleSecurity(request, response);
     }

     public URL getResource(String name) {
         return null;
     }

     public String getMimeType(String name) {
         return mimeTypes.getMimeType(name);
     }
 }
 

This interface is implemented by this bundle and is not intended to be implemented by client bundles.


Field Summary
static String REDIRECT_PARAMETER
          The name of the request parameter indicating where to redirect to after successful authentication (and optional impersonation).
static String REQUEST_ATTRIBUTE_RESOLVER
          The name of the request attribute set by the handleSecurity(HttpServletRequest, HttpServletResponse) method if authentication succeeds and true is returned.
static String SERVICE_NAME
          The name under which this service is registered.
 
Method Summary
 boolean handleSecurity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Handles security on behalf of a custom OSGi Http Service HttpContext instance extracting credentials from the request using any registered AuthenticationHandler services.
 

Field Detail

SERVICE_NAME

static final String SERVICE_NAME
The name under which this service is registered.

See Also:
Constant Field Values

REQUEST_ATTRIBUTE_RESOLVER

static final String REQUEST_ATTRIBUTE_RESOLVER
The name of the request attribute set by the handleSecurity(HttpServletRequest, HttpServletResponse) method if authentication succeeds and true is returned.

The request attribute is set to a Sling ResourceResolver attached to the JCR repository using the credentials provided by the request.

See Also:
Constant Field Values

REDIRECT_PARAMETER

static final String REDIRECT_PARAMETER
The name of the request parameter indicating where to redirect to after successful authentication (and optional impersonation). This parameter is respected if either anonymous authentication or regular authentication succeed.

If authentication fails, either because the credentials are wrong or because anonymous authentication fails or because anonymous authentication is not allowed for the request, the parameter is ignored and the AuthenticationHandler.requestCredentials(HttpServletRequest, HttpServletResponse) method is called to request authentication.

See Also:
Constant Field Values
Method Detail

handleSecurity

boolean handleSecurity(javax.servlet.http.HttpServletRequest request,
                       javax.servlet.http.HttpServletResponse response)
Handles security on behalf of a custom OSGi Http Service HttpContext instance extracting credentials from the request using any registered AuthenticationHandler services. If the credentials can be extracted and used to log into the JCR repository this method sets the request attributes required by the OSGi Http Service specification plus the REQUEST_ATTRIBUTE_RESOLVER attribute.

Parameters:
request - The HTTP request to be authenticated
response - The HTTP response to send any response to in case of problems.
Returns:
true if authentication succeeded and the request attribtues are set. If false is returned the request is immediately terminated and no request attributes are set.


Copyright © 2007-2011 The Apache Software Foundation. All Rights Reserved.