public final class AuthConstants extends Object
AuthConstants
provides a collection of constants used to
configure and customize the Sling authentication infrastructure.
This class can neither be extended from nor can it be instantiated.
Modifier and Type | Field and Description |
---|---|
static String |
AUTH_HANDLER_BROWSER_ONLY
Service Registration property which may be set by an
AuthenticationHandler service to
indicate whether its
AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method supports non-browser requests (according to
AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest)
or not. |
static String |
AUTH_INFO_LOGIN
Marker property in the
AuthenticationInfo object returned
by the
AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method indicating a first authentication considered to be a login. |
static String |
AUTH_REQUIREMENTS
Any OSGi service may provide a sling.auth.requirements registration property which is used
to dynamically extend the authentication requirements from the Authentication Requirements
configuration.
|
static String |
PAR_J_VALIDATE
The name of the request parameter indicating that the submitted username
and password should just be checked and a status code be set for success
(200/OK) or failure (403/FORBIDDEN).
|
static String |
TOPIC_LOGIN
The topic for the OSGi event which is sent when a user has logged in successfully.
|
static String |
X_REASON
The name of the request header set by the
#sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided
credentials cannot be used for login. |
static String |
X_REASON_CODE
The name of the request header set by the
#sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided
credentials cannot be used for login. |
public static final String PAR_J_VALIDATE
#isValidateRequest(HttpServletRequest)
,
#sendValid(HttpServletResponse)
,
#sendInvalid(HttpServletRequest, HttpServletResponse)
,
Constant Field Valuespublic static final String X_REASON
#sendInvalid(HttpServletRequest, HttpServletResponse)
method if the provided
credentials cannot be used for login.
This header may be inspected by clients for a reason why the request failed.
#sendInvalid(HttpServletRequest, HttpServletResponse)
,
Constant Field Valuespublic static final String X_REASON_CODE
#sendInvalid(HttpServletRequest, HttpServletResponse)
method if the provided
credentials cannot be used for login.
This header may be inspected by clients for a a detailed reason code why the request failed.
#sendInvalid(HttpServletRequest, HttpServletResponse)
,
Constant Field Valuespublic static final String AUTH_HANDLER_BROWSER_ONLY
AuthenticationHandler
service to
indicate whether its
AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method supports non-browser requests (according to
AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest)
or not.
For backwards compatibility with existing
AuthenticationHandler
services the
default assumption in the absence of this property is that all requests
are supported.
If this property is set to true
or yes
(case-insensitive check) the handler is not called for requests assumed
to be sent from non-browser clients. Any other value of this property
indicates support for non-browser requests by the handler.
Note that this property only influences whether the
requestCredentials
method is called or not. The
extractCredentials
and dropCredentials
are
called regardless of this property.
public static final String AUTH_INFO_LOGIN
AuthenticationInfo
object returned
by the
AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method indicating a first authentication considered to be a login.
By setting this property to any non-null
value an
AuthenticationHandler
indicates,
that the TOPIC_LOGIN
event should be fired after successfully
acquiring the ResourceResolver
.
public static final String TOPIC_LOGIN
SlingConstants.PROPERTY_USERID
and the AuthenticationInfo.AUTH_TYPE
properties.public static final String AUTH_REQUIREMENTS
Copyright © 2014 The Apache Software Foundation. All rights reserved.