Home » Documentation » The Sling Engine » Authentication

Authentication - Actors

The authentication process involves a number of actors contributing to the concepts, the API and the particular implementations.

OSGi Http Service Specification

The main support for authentication is defined by the OSGi Http Service specification. This specification defines how an OSGi application can register servlets and resources to build web applications. As part of the servlet and/or resource registration a HttpContext may be provided, which allows for additional support.

The main method of interest to the authentication process is the handleSecurity method. This is called by the OSGi Http Service implementation before the registered servlet is called. Its intent is to authenticate the request and to provide authentication information for the request object: the authentication type and the remote user name.

The Sling Auth Core bundle provides the AuthenticationSupport service which may be used to the implement the HttpContext.handleSecurity method.

Sling Engine

The Sling Engine implements the main entry point into the Sling system by means of the SlingMainServlet. This servlet is registered with the OSGi Http Service and provides a custom HttpContext whose handleSecurity method is implemented by the AuthenticationSupport service.

When the request hits the service method of the Sling Main Servlet, the resource resolver provided by the AuthenticationSupport service is retrieved from the request attributes and used as the resource resolver for the request.

That's all there is for the Sling Engine to do with respect to authentication.

Sling Auth Core

The support for authenticating client requests is implemented in the Sling Auth Core bundle. As such this bundle provides three areas of support

JCR Repository

The actual process of logging into the repository and provided a Session is implementation dependent. In the case of Jackrabbit extensibility is provided by configuration of the Jackrabbit repository by means of an interface and two helper classes:

The Sling Jackrabbit Embedded Repository bundle provides additional plugin interfaces to extend the login process dynamically using OSGi services. To this avail the bundle configures a LoginModule with the provided default Jackrabbit configuration supporting these plugins:

Sling Applications

Sling Applications requiring authenticated requests should not care about how authentication is implemented. To support such functionality the Authenticator service is provided with two methods:

Sling Applications should never directly use any knowledge of any authentication handler or directly call into an authentication handler. This will certainly break the application and cause unexpected behaviour.

If you want to know whether a request is authenticated or not, you can inspect the result of the HttpServletRequest.getAuthType method: If this method returns null the request is not authenticated.
Rev. 1593323 by olli on Thu, 8 May 2014 16:33:44 +0000
Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.