public final class AuthConstants extends Object
AuthConstants
provides a collection of constants used to
configure and customize the Sling authentication infrastructure.
This class can neither be extended from nor can it be instantiated.
Modifier and Type | Field and Description |
---|---|
static String |
AUTH_HANDLER_BROWSER_ONLY
Service Registration property which may be set by an
AuthenticationHandler service to
indicate whether its
AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method supports non-browser requests (according to
AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest)
or not. |
static String |
AUTH_INFO_LOGIN
Marker property in the
AuthenticationInfo object returned
by the
AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method indicating a first authentication considered to be a login. |
static String |
AUTH_REQUIREMENTS
Any OSGi service may provide a
sling.auth.requirements registration property which is used
to dynamically extend the authentication requirements for the AuthenticationSupport . |
static String |
PAR_J_VALIDATE
The name of the request parameter indicating that the submitted username
and password should just be checked and a status code be set for success
(200/OK) or failure (403/FORBIDDEN).
|
static String |
TOPIC_LOGIN
The topic for the OSGi event which is sent when a user has logged in successfully.
|
static String |
X_REASON
The name of the request header set by the
AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided
credentials cannot be used for login. |
static String |
X_REASON_CODE
The name of the request header set by the
AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided
credentials cannot be used for login. |
public static final String PAR_J_VALIDATE
public static final String X_REASON
AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse)
method if the provided
credentials cannot be used for login.
This header may be inspected by clients for a reason why the request failed.
public static final String X_REASON_CODE
AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse)
method if the provided
credentials cannot be used for login.
This header may be inspected by clients for a a detailed reason code why the request failed.
public static final String AUTH_HANDLER_BROWSER_ONLY
AuthenticationHandler
service to
indicate whether its
AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method supports non-browser requests (according to
AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest)
or not.
For backwards compatibility with existing
AuthenticationHandler
services the
default assumption in the absence of this property is that all requests
are supported.
If this property is set to true
or yes
(case-insensitive check) the handler is not called for requests assumed
to be sent from non-browser clients. Any other value of this property
indicates support for non-browser requests by the handler.
Note that this property only influences whether the
requestCredentials
method is called or not. The
extractCredentials
and dropCredentials
are
called regardless of this property.
public static final String AUTH_INFO_LOGIN
AuthenticationInfo
object returned
by the
AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
method indicating a first authentication considered to be a login.
By setting this property to any non-null
value an
AuthenticationHandler
indicates,
that the TOPIC_LOGIN
event should be fired after successfully
acquiring the ResourceResolver
.
public static final String TOPIC_LOGIN
SlingConstants.PROPERTY_USERID
and the AuthenticationInfo.AUTH_TYPE
properties.public static final String AUTH_REQUIREMENTS
sling.auth.requirements
registration property which is used
to dynamically extend the authentication requirements for the AuthenticationSupport
.
This may for example be set by AuthenticationHandler implementations providing
a login form to ensure access to the login form does not require authentication. The value
of this property is a single string, an array of strings or a Collection of strings.
Each string can be an absolute path (such as /content) or and absolute URI (such as
http://thehost/content). Optionally each entry may be prefixed by a plus (+) or minus (-) sign
indicating that authentication is required (plus) or not required (minus).Copyright © 2017 The Apache Software Foundation. All rights reserved.