org.apache.sling.auth.core.spi
Interface AuthenticationHandler

All Known Implementing Classes:
AbstractAuthenticationHandler, SelectorAuthenticationHandler

public interface AuthenticationHandler

The AuthenticationHandler interface defines the service API used by the authentication implementation to support plugin various ways of extracting credentials from the request.


Field Summary
static String FAILURE_REASON
          Name of the request attribute which may be set by the extractCredentials(HttpServletRequest, HttpServletResponse) method if AuthenticationInfo.FAIL_AUTH is returned.
static String PATH_PROPERTY
          The name of the service registration property listing one or more URL paths for which the authentication handler is to be used.
static String REQUEST_LOGIN_PARAMETER
          The request parameter which may be used to explicitly select an authentication handler by its type if authentication will be requested through requestCredentials(HttpServletRequest, HttpServletResponse).
static String SERVICE_NAME
          The name under which an implementation of this interface must be registered to be used as an authentication handler.
static String TYPE_PROPERTY
          The name of the service registration property (single string) providing the authentication type of authentication handler.
 
Method Summary
 void dropCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Drops any credential and authentication details from the request and asks the client to do the same.
 AuthenticationInfo extractCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Extracts credential data from the request if at all contained.
 boolean requestCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Requests authentication information from the client.
 

Field Detail

SERVICE_NAME

static final String SERVICE_NAME
The name under which an implementation of this interface must be registered to be used as an authentication handler.

See Also:
Constant Field Values

PATH_PROPERTY

static final String PATH_PROPERTY
The name of the service registration property listing one or more URL paths for which the authentication handler is to be used. The property may be a single string value or an array of strings or a Collection of strings.

Each string value may either be an absolute path (e.g. /content) or an absolute URL (e.g. http://thehost/content) to assign the authentication handler to authenticate request for a select virtual host.

Authentication handlers without a path service registration property are ignored.

See Also:
Constant Field Values

TYPE_PROPERTY

static final String TYPE_PROPERTY
The name of the service registration property (single string) providing the authentication type of authentication handler. This is the same value as will be returned as the authentication type returned by the extractCredentials(HttpServletRequest, HttpServletResponse) method.

This property is optional but allows the client to optionally select the authentication handler which will actually request credentials upon the requestCredentials(HttpServletRequest, HttpServletResponse) method.

See Also:
REQUEST_LOGIN_PARAMETER, Constant Field Values

REQUEST_LOGIN_PARAMETER

static final String REQUEST_LOGIN_PARAMETER
The request parameter which may be used to explicitly select an authentication handler by its type if authentication will be requested through requestCredentials(HttpServletRequest, HttpServletResponse).

See Also:
requestCredentials(HttpServletRequest, HttpServletResponse), TYPE_PROPERTY, Constant Field Values

FAILURE_REASON

static final String FAILURE_REASON
Name of the request attribute which may be set by the extractCredentials(HttpServletRequest, HttpServletResponse) method if AuthenticationInfo.FAIL_AUTH is returned.

This result may be used by authentication handlers to inform the user of any failures.

Since:
1.0.2 (Bundle version 1.0.4)
See Also:
extractCredentials(HttpServletRequest, HttpServletResponse), Constant Field Values
Method Detail

extractCredentials

AuthenticationInfo extractCredentials(javax.servlet.http.HttpServletRequest request,
                                      javax.servlet.http.HttpServletResponse response)
Extracts credential data from the request if at all contained.

The method returns any of the following values :

value description
null no user details were contained in the request or the handler is not capable or willing to extract credentials from the request
AuthenticationInfo.DOING_AUTH the handler is in an ongoing authentication transaction with the client. Request processing should be aborted at this stage.
AuthenticationInfo.FAIL_AUTH the handler failed extracting the credentials from the request for any reason. An example of this result is that credentials are present in the request but they could not be validated and thus not be used for request processing. When returning this value, the authentication handler may also set the FAILURE_REASON request attribute to inform interested parties (including its own requestCredentials(HttpServletRequest, HttpServletResponse) method for the reasons of failure to extract the credentials.
AuthenticationInfo object The user sent credentials. The returned object contains the credentials as well as the type of authentication transmission employed.

The method must not request credential information from the client, if they are not found in the request.

The value of PATH_PROPERTY service registration property value triggering this call is available as the path request attribute. If the service is registered with multiple path values, the value of the path request attribute may be used to implement specific handling.

Parameters:
request - The request object containing the information for the authentication.
response - The response object which may be used to send the information on the request failure to the user.
Returns:
A valid AuthenticationInfo instance identifying the request user, AuthenticationInfo.DOING_AUTH if the handler is in an authentication transaction with the client or null if the request does not contain authentication information. In case of AuthenticationInfo.DOING_AUTH, the method must have sent a response indicating that fact to the client.

requestCredentials

boolean requestCredentials(javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
                           throws IOException
Requests authentication information from the client. Returns true if the information has been requested and request processing can be terminated normally. Otherwise the authorization information could not be requested.

The HttpServletResponse.sendError methods should not be used by the implementation because these responses might be post-processed by the servlet container's error handling infrastructure thus preventing the correct operation of the authentication handler. To convey a HTTP response status the HttpServletResponse.setStatus method should be used.

The value of PATH_PROPERTY service registration property value triggering this call is available as the path request attribute. If the service is registered with multiple path values, the value of the path request attribute may be used to implement specific handling.

If the REQUEST_LOGIN_PARAMETER request parameter is set only those authentication handlers registered with an authentication type matching the parameter will be considered for requesting credentials through this method.

A handler not registered with an authentication type will, for backwards compatibility reasons, always be called ignoring the actual value of the REQUEST_LOGIN_PARAMETER parameter.

Parameters:
request - The request object.
response - The response object to which to send the request.
Returns:
true if the handler is able to send an authentication inquiry for the given request. false otherwise.
Throws:
IOException - If an error occurrs sending the authentication inquiry to the client.

dropCredentials

void dropCredentials(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response)
                     throws IOException
Drops any credential and authentication details from the request and asks the client to do the same.

Parameters:
request - The request object.
response - The response object to which to send the request.
Throws:
IOException - If an error occurrs asking the client to drop any authentication traces.


Copyright © 2007-2011 The Apache Software Foundation. All Rights Reserved.