java.lang.Object
  org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler
    org.apache.sling.auth.core.spi.AbstractAuthenticationHandler
      org.apache.sling.auth.form.impl.FormAuthenticationHandler

@Properties(value={
  @Property(name="service.description",value="Apache Sling Form Based Authentication Handler"),
  @Property(name="service.vendor",value="The Apache Software Foundation"),
  @Property(name="path",value="/",cardinality=100),
  @Property(name="authtype",value=,propertyPrivate=true),
  @Property(name="service.ranking",intValue=0,propertyPrivate=false)})
@Service
public class FormAuthenticationHandler

The FormAuthenticationHandler class implements the authorization steps based on a cookie.

Field Summary | |
---|---|
static String | PAR_AUTH_TIMEOUT: The number of minutes after which a login session times out. |
static String | PAR_INCLUDE_FORM: Whether to redirect to the login form or simply do an include. |

Fields inherited from interface org.apache.sling.auth.core.spi.AuthenticationHandler |
---|
FAILURE_REASON, PATH_PROPERTY, REQUEST_LOGIN_PARAMETER, SERVICE_NAME, TYPE_PROPERTY |
Constructor Summary | |
---|---|
FormAuthenticationHandler() | |

Method Summary | |
---|---|
protected void | activate(org.osgi.service.component.ComponentContext componentContext): Called by SCR to activate the authentication handler. |
void | authenticationFailed(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationInfo authInfo): Called after an unsuccessful login attempt. |
boolean | authenticationSucceeded(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationInfo authInfo): Called after successful login with the given authentication info. |
protected void | deactivate(org.osgi.service.component.ComponentContext componentContext) |
void | dropCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Clears all authentication state which might have been prepared by this authentication handler. |
AuthenticationInfo | extractCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Extracts cookie/session based credentials from the request. |
boolean | requestCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Unless sling:authRequestLogin is set to anything other than Form, this method either sends back a 403/FORBIDDEN response if the j_verify parameter is set to true or redirects to the login form to ask for credentials. |
String | toString() |

Methods inherited from class org.apache.sling.auth.core.spi.AbstractAuthenticationHandler |
---|
getAttributeOrParameter, getLoginResource, isValidateRequest, sendInvalid, sendRedirect, sendValid, setLoginResourceAttribute |
Methods inherited from class org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler |
---|
handleRedirect |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
@Property(intValue=30) public static final String PAR_AUTH_TIMEOUT
@Property(boolValue=false) public static final String PAR_INCLUDE_FORM
Constructor Detail |
---|
public FormAuthenticationHandler()
Method Detail |
---|
public AuthenticationInfo extractCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

null if the handler assumes HTTP Basic authentication would be more appropriate, if no form fields are present in the request and if the secure user data is not present either in the cookie or an HTTP Session.

Parameters:
request - The request object containing the information for the authentication.
response - The response object which may be used to send the information on the request failure to the user.

Returns:
AuthenticationInfo instance identifying the request user, AuthenticationInfo.DOING_AUTH if the handler is in an authentication transaction with the client or null if the request does not contain authentication information. In case of AuthenticationInfo.DOING_AUTH, the method must have sent a response indicating that fact to the client.

public boolean requestCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException

Unless sling:authRequestLogin is set to anything other than Form, this method either sends back a 403/FORBIDDEN response if the j_verify parameter is set to true or redirects to the login form to ask for credentials.

This method assumes the j_verify request parameter to only be set in the initial username/password submission through the login form. No further checks are applied, though, before sending back the 403/FORBIDDEN response.

Parameters:
request - The request object.
response - The response object to which to send the request.

Returns:
true if the handler is able to send an authentication inquiry for the given request. false otherwise.

Throws:
IOException - If an error occurs sending the authentication inquiry to the client.

public void dropCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)

Parameters:
request - The request object.
response - The response object to which to send the request.

public void authenticationFailed(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationInfo authInfo)

Specified by:
authenticationFailed in interface AuthenticationFeedbackHandler

Overrides:
authenticationFailed in class DefaultAuthenticationFeedbackHandler

Parameters:
request - The current request
response - The current response
authInfo - The AuthenticationInfo object used to authenticate the request.

public boolean authenticationSucceeded(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationInfo authInfo)

If no authentication data already exists, it is created. Otherwise if the data has expired the data is updated with a new security token and a new expiry time.

If creating or updating the authentication data fails, it is actually removed from the cookie or the HTTP session and future requests will not be authenticated any longer.

Specified by:
authenticationSucceeded in interface AuthenticationFeedbackHandler

Overrides:
authenticationSucceeded in class DefaultAuthenticationFeedbackHandler

Parameters:
request - The current request
response - The current response
authInfo - The AuthenticationInfo object used to authenticate the request.

Returns:
DefaultAuthenticationFeedbackHandler.handleRedirect(HttpServletRequest, HttpServletResponse) method.

public String toString()

Overrides:
toString in class Object

protected void activate(org.osgi.service.component.ComponentContext componentContext) throws InvalidKeyException, NoSuchAlgorithmException, IllegalStateException, UnsupportedEncodingException

Throws:
InvalidKeyException
NoSuchAlgorithmException
IllegalStateException
UnsupportedEncodingException

protected void deactivate(org.osgi.service.component.ComponentContext componentContext)
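
The create, reissue and remove flow documented for authenticationSucceeded, modelled as an added Java sketch that is not Sling's implementation. The class name, the expiryMillis@user@HMAC token layout, the choice of HmacSHA256 and the demo key are assumptions for illustration; only the 30-minute default is taken from PAR_AUTH_TIMEOUT on this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added sketch, not Sling code. Assumed token layout: expiryMillis@user@base64url(HMAC).
public class AuthTokenLifecycle {
    static final long TIMEOUT_MS = 30L * 60 * 1000; // PAR_AUTH_TIMEOUT default: 30 minutes
    private final SecretKeySpec key;
    AuthTokenLifecycle(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    // Builds expiry@user@tag, where the tag authenticates both the expiry and the user.
    String sign(long expiry, String user) throws GeneralSecurityException {
        String body = expiry + "@" + user;
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        byte[] tag = m.doFinal(body.getBytes(StandardCharsets.UTF_8));
        return body + "@" + Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Expiry in millis if the token was issued for this user and is unmodified, else -1.
    long verifiedExpiry(String user, String token) throws GeneralSecurityException {
        int first = token.indexOf('@');
        if (first <= 0) return -1;
        try {
            long expiry = Long.parseLong(token.substring(0, first));
            byte[] expected = sign(expiry, user).getBytes(StandardCharsets.UTF_8);
            return MessageDigest.isEqual(expected, token.getBytes(StandardCharsets.UTF_8)) ? expiry : -1;
        } catch (NumberFormatException e) { return -1; }
    }

    // Documented flow: create if absent, reissue if expired, remove (null) if that fails.
    String onAuthenticationSucceeded(String user, String existing, long now) {
        try {
            if (existing == null) return sign(now + TIMEOUT_MS, user);
            long expiry = verifiedExpiry(user, existing);
            if (expiry < 0) return null; // assumption: unverifiable data counts as a failure
            return expiry <= now ? sign(now + TIMEOUT_MS, user) : existing;
        } catch (GeneralSecurityException e) { return null; } // fail closed
    }
    public static void main(String[] args) {
        AuthTokenLifecycle h = new AuthTokenLifecycle("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String t0 = h.onAuthenticationSucceeded("alice", null, 0L);
        System.out.println("kept while valid: " + t0.equals(h.onAuthenticationSucceeded("alice", t0, 60_000L)));
        System.out.println("reissued after expiry: " + !t0.equals(h.onAuthenticationSucceeded("alice", t0, TIMEOUT_MS)));
        System.out.println("tampered token dropped: " + (h.onAuthenticationSucceeded("alice", t0 + "x", 60_000L) == null));
    }
}
```

A null result corresponds to the documented case where the authentication data is removed and later requests are no longer authenticated.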