@ProviderType
public interface AuthenticationSupport
AuthenticationSupport
provides the service API used to
implement the HttpContext.handleSecurity
method as defined in
the OSGi Http Service specification.
Bundles registering servlets and/or resources with custom
HttpContext
implementations may implement the
handleSecurity
method using this service. The
handleSecurity(HttpServletRequest, HttpServletResponse)
method
implemented by this service exactly implements the specification of the
HttpContext.handleSecurity
method.
A simple implementation of the HttpContext
interface based on
this could be (using SCR JavaDoc tags of the Maven SCR Plugin) :
/** @scr.component */ public class MyHttpContext implements HttpContext { /** @scr.reference */ private AuthenticationSupport authSupport; /** @scr.reference */ private MimeTypeService mimeTypes; public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) { return authSupport.handleSecurity(request, response); } public URL getResource(String name) { return null; } public String getMimeType(String name) { return mimeTypes.getMimeType(name); } }
This interface is implemented by this bundle and is not intended to be implemented by client bundles.
Modifier and Type | Field and Description |
---|---|
static String |
REDIRECT_PARAMETER
The name of the request parameter indicating where to redirect to after
successful authentication (and optional impersonation).
|
static String |
REQUEST_ATTRIBUTE_RESOLVER
The name of the request attribute set by the
handleSecurity(HttpServletRequest, HttpServletResponse) method
if authentication succeeds and true is returned. |
static String |
SERVICE_NAME
The name under which this service is registered.
|
Modifier and Type | Method and Description |
---|---|
boolean |
handleSecurity(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Handles security on behalf of a custom OSGi Http Service
HttpContext instance extracting credentials from the request
using any registered
AuthenticationHandler services. |
static final String SERVICE_NAME
static final String REQUEST_ATTRIBUTE_RESOLVER
handleSecurity(HttpServletRequest, HttpServletResponse)
method
if authentication succeeds and true
is returned.
The request attribute is set to a Sling ResourceResolver
attached to the JCR repository using the credentials provided by the
request.
static final String REDIRECT_PARAMETER
If authentication fails, either because the credentials are wrong or
because anonymous authentication fails or because anonymous
authentication is not allowed for the request, the parameter is ignored
and the
AuthenticationHandler.requestCredentials(HttpServletRequest, HttpServletResponse)
method is called to request authentication.
boolean handleSecurity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
HttpContext
instance extracting credentials from the request
using any registered
AuthenticationHandler
services.
If the credentials can be extracted and used to log into the JCR
repository this method sets the request attributes required by the OSGi
Http Service specification plus the REQUEST_ATTRIBUTE_RESOLVER
attribute.request
- The HTTP request to be authenticatedresponse
- The HTTP response to send any response to in case of
problems.true
if authentication succeeded and the request
attributes are set. If false
is returned the request
is immediately terminated and no request attributes are set.Copyright © 2017 The Apache Software Foundation. All rights reserved.