Interface AuthenticationSupport
AuthenticationSupport provides the service API used to
implement the HttpContext.handleSecurity method as defined in
the OSGi Http Service specification.
Bundles registering servlets and/or resources with custom
HttpContext implementations may implement the
handleSecurity method using this service. The
handleSecurity(HttpServletRequest, HttpServletResponse) method
implemented by this service exactly implements the specification of the
HttpContext.handleSecurity method.
A simple implementation of the HttpContext interface based on
this could be (using SCR JavaDoc tags of the Maven SCR Plugin) :
/** @scr.component */
public class MyHttpContext implements HttpContext {
/** @scr.reference */
private AuthenticationSupport authSupport;
/** @scr.reference */
private MimeTypeService mimeTypes;
public boolean handleSecurity(HttpServletRequest request,
HttpServletResponse response) {
return authSupport.handleSecurity(request, response);
}
public URL getResource(String name) {
return null;
}
public String getMimeType(String name) {
return mimeTypes.getMimeType(name);
}
}
This interface is implemented by this bundle and is not intended to be implemented by client bundles.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe name of the request parameter indicating where to redirect to after successful authentication (and optional impersonation).static final StringThe name of the request attribute set by thehandleSecurity(HttpServletRequest, HttpServletResponse)method if authentication succeeds andtrueis returned.static final StringThe name under which this service is registered. -
Method Summary
Modifier and TypeMethodDescriptionbooleanhandleSecurity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Handles security on behalf of a custom OSGi Http ServiceHttpContextinstance extracting credentials from the request using any registeredAuthenticationHandlerservices.
-
Field Details
-
SERVICE_NAME
The name under which this service is registered.- See Also:
-
REQUEST_ATTRIBUTE_RESOLVER
The name of the request attribute set by thehandleSecurity(HttpServletRequest, HttpServletResponse)method if authentication succeeds andtrueis returned.The request attribute is set to a Sling
ResourceResolverattached to the JCR repository using the credentials provided by the request.- See Also:
-
REDIRECT_PARAMETER
The name of the request parameter indicating where to redirect to after successful authentication (and optional impersonation). This parameter is respected if either anonymous authentication or regular authentication succeed.If authentication fails, either because the credentials are wrong or because anonymous authentication fails or because anonymous authentication is not allowed for the request, the parameter is ignored and the
AuthenticationHandler.requestCredentials(HttpServletRequest, HttpServletResponse)method is called to request authentication.- See Also:
-
-
Method Details
-
handleSecurity
boolean handleSecurity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Handles security on behalf of a custom OSGi Http ServiceHttpContextinstance extracting credentials from the request using any registeredAuthenticationHandlerservices. If the credentials can be extracted and used to log into the JCR repository this method sets the request attributes required by the OSGi Http Service specification plus theREQUEST_ATTRIBUTE_RESOLVERattribute.- Parameters:
request- The HTTP request to be authenticatedresponse- The HTTP response to send any response to in case of problems.- Returns:
trueif authentication succeeded and the request attributes are set. Iffalseis returned the request is immediately terminated and no request attributes are set.
-