Request Processing
Main process
The following steps should give you an overview how a request is processed in Sling. Details can be found under provided links.
Step 1
The client sends the request
Step 2
This step applies only if a Servlet Container is installed and Sling is embedded:
Servlet Container gets request and forwards to OSGi HttpService
Step 3
OSGi HttpService looks for responsible registered Servlet or resource (see 102.4 of the OSGi compendium)
Step 4
OSGi HttpService calls handleSecurity of the HttpContext associated with the servlet/resource. In case of Sling this calls into SlingMainServlet.handleSecurity and then into SlingAuthenticator.authenticate
Step 4a
SlingAuthenticator selects an authentication handler for the request and forwards the authenticate call. On success a javax.jcr.Session is created, the request attributes required by the HTTP Service spec are set (like org.osgi.service.http.authentication.remote.user and org.osgi.service.http.authentication.type}}and also the {{javax.jcr.Session which is used later is set in the request attributes.
On success, continue with step 5.
Step 4b
If authentication fails either an anonymous session is acquired (if anonymous is allowed per configuration) or the login method is called.
If anonymous is allowed, continue with step 5.
Step 4c
The login method selects an AuthenticationHandler and forwards the login call to the AuthenticationHandler.requestAuthentication method to cause the client to authenticate. Request processing stops here (SlingMainServlet.handleSecurity returns false).
Step 5
After getting a response the HttpService either terminates the request (if authentication failed and SlingMainServlet.handleSecurity returned false) or continues by either spooling the resource or in the case of Sling calling the SlingMainServlet.service method.
Step 6
The SlingMainServlet.service method is the entry point into the Sling proper. This method sets up the request:
- Wraps the HttpServletRequest and the HttpServletResponse into the SlingHttpServletRequest and the SlingHttpServletResponse
- Checks if Sling is ready for processing the request (checks at the moment for an existing ResourceResolverFactory service, a ServletResolver service and a MimeTypeService)
- Create the ResourceResolver based on the Session (by default creates a JcrResourceResolver2)
- Locate the Resource on the basis of the request by calling ResourceResovler.resolve through RequestData.initResource (see also URL decomposition)
- Locate the servlet or script (see Servlets) by calling ServletResolver.resolveServlet through RequestData.initServlet
Step 7
After this setup, the request level filters are called (the ones registered as javax.servlet.Filter with the property filter.scope=request, see Filters for details).
If any called filter doesn't call FilterChain.doFilter at the end of the Filter.doFilter method request processing stops here.
Step 8
After having called all request level filters, the component level filters (registered with the property filter.scope=component, see Filters for details) are called.
Step 9
After having called the component level filters, the request servlet or script is finally called to process the request.
Include/Forward
If a servlet or script is including another resource for processing through the RequestDispatcher.include or RequestDispatcher.forward (or any JSP or feature of another scripting language which relies on one of this two methods) the following processing takes place:
Step 1
Code in the processing servlet or script calls RequestDispatcher.include or RequestDispatcher.forward.
Step 2
The resource is resolved though ResourceResolver.getResource (if the RequestDispatcher has not been created with a resource already)
Step 3
The servlet or script to handle the resource is resolved calling the ServletResolver.resolverServlet method.
Step 4
The component level filters (registered with the property filter.scope=component) are called again (see Filters for details).
Step 5
The servlet or script is called to process the request.
Note that these steps are processed for every include or forward call.