|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler
org.apache.sling.auth.core.spi.AbstractAuthenticationHandler
org.apache.sling.auth.openid.impl.OpenIDAuthenticationHandler
public class OpenIDAuthenticationHandler
The AuthorizationHeaderAuthenticationHandler
class implements
the authorization steps based on the Authorization header of the HTTP
request. This authenticator should eventually support both BASIC and DIGEST
authentication methods.
Field Summary | |
---|---|
static String |
DEFAULT_COOKIE_DOMAIN
|
static String |
DEFAULT_COOKIE_NAME
|
static String |
DEFAULT_COOKIE_SECRET_KEY
|
static String |
DEFAULT_EXTERNAL_URL_PREFIX
|
static String |
DEFAULT_LOGIN_IDENTIFIER_FORM_FIELD
|
static boolean |
DEFAULT_USE_COOKIE
|
static String |
PROP_COOKIE_DOMAIN
|
static String |
PROP_COOKIE_NAME
|
static String |
PROP_COOKIE_SECRET_KEY
|
static String |
PROP_EXTERNAL_URL_PREFIX
|
static String |
PROP_LOGIN_FORM
|
static String |
PROP_LOGIN_IDENTIFIER_FORM_FIELD
|
static String |
PROP_USE_COOKIE
|
Fields inherited from interface org.apache.sling.auth.core.spi.AuthenticationHandler |
---|
FAILURE_REASON, PATH_PROPERTY, REQUEST_LOGIN_PARAMETER, SERVICE_NAME, TYPE_PROPERTY |
Constructor Summary | |
---|---|
OpenIDAuthenticationHandler()
|
Method Summary | |
---|---|
protected void |
activate(org.osgi.service.component.ComponentContext componentContext)
|
void |
authenticationFailed(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationInfo authInfo)
This default implementation does nothing. |
boolean |
authenticationSucceeded(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
AuthenticationInfo authInfo)
This default implementation calls the DefaultAuthenticationFeedbackHandler.handleRedirect(HttpServletRequest, HttpServletResponse) method
to optionally redirect the request after successful authentication. |
protected void |
deactivate(org.osgi.service.component.ComponentContext componentContext)
|
void |
dropCredentials(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Invalidates the request with the Relying Party if a user is actually available for the request. |
AuthenticationInfo |
extractCredentials(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Extracts credential data from the request if at all contained. |
boolean |
requestCredentials(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Sends status 401 (Unauthorized) with a
WWW-Authenticate requesting standard HTTP header
authentication with the Basic scheme and the configured
realm name. |
Methods inherited from class org.apache.sling.auth.core.spi.AbstractAuthenticationHandler |
---|
getAttributeOrParameter, getLoginResource, isValidateRequest, sendInvalid, sendRedirect, sendValid, setLoginResourceAttribute |
Methods inherited from class org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler |
---|
handleRedirect |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String PROP_LOGIN_FORM
public static final String PROP_LOGIN_IDENTIFIER_FORM_FIELD
public static final String DEFAULT_LOGIN_IDENTIFIER_FORM_FIELD
public static final String PROP_EXTERNAL_URL_PREFIX
public static final String DEFAULT_EXTERNAL_URL_PREFIX
public static final String PROP_USE_COOKIE
public static final boolean DEFAULT_USE_COOKIE
public static final String PROP_COOKIE_DOMAIN
public static final String DEFAULT_COOKIE_DOMAIN
public static final String PROP_COOKIE_NAME
public static final String DEFAULT_COOKIE_NAME
public static final String PROP_COOKIE_SECRET_KEY
public static final String DEFAULT_COOKIE_SECRET_KEY
Constructor Detail |
---|
public OpenIDAuthenticationHandler()
Method Detail |
---|
public AuthenticationInfo extractCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
The method returns any of the following values :
value | description |
---|---|
null
| no user details were contained in the request |
AuthenticationInfo.DOING_AUTH
| the handler is in an ongoing authentication exchange with the client. The request handling is terminated. |
valid credentials | The user sent credentials. |
The method must not request credential information from the client, if they are not found in the request.
Note : The implementation should pay special attention to the fact, that the request may be for an included servlet, in which case the values for some URI specific values are contained in javax.servlet.include.* request attributes.
request
- The request object containing the information for the
authentication.response
- The response object which may be used to send the
information on the request failure to the user.
public boolean requestCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
401
(Unauthorized) with a
WWW-Authenticate
requesting standard HTTP header
authentication with the Basic
scheme and the configured
realm name. If the response is already committed, an error message is
logged but the 401 status is not sent.
request
- The request objectresponse
- The response object to which to send the request
true
is always returned by this handler
IOException
- if an error occurrs sending back the response.public void dropCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
request
- The request object.response
- The response object to which to send the request.public void authenticationFailed(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationInfo authInfo)
DefaultAuthenticationFeedbackHandler
Extensions of this class may overwrite to cleanup any internal state.
authenticationFailed
in interface AuthenticationFeedbackHandler
authenticationFailed
in class DefaultAuthenticationFeedbackHandler
request
- The current requestresponse
- The current responseauthInfo
- The AuthenticationInfo
object used to
authenticate the request.public boolean authenticationSucceeded(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, AuthenticationInfo authInfo)
DefaultAuthenticationFeedbackHandler
DefaultAuthenticationFeedbackHandler.handleRedirect(HttpServletRequest, HttpServletResponse)
method
to optionally redirect the request after successful authentication.
Extensions of this class may overwrite this method to perform additional cleanup etc.
authenticationSucceeded
in interface AuthenticationFeedbackHandler
authenticationSucceeded
in class DefaultAuthenticationFeedbackHandler
request
- The current requestresponse
- The current responseauthInfo
- The AuthenticationInfo
object used to
authenticate the request.
DefaultAuthenticationFeedbackHandler.handleRedirect(HttpServletRequest, HttpServletResponse)
method.protected void activate(org.osgi.service.component.ComponentContext componentContext)
protected void deactivate(org.osgi.service.component.ComponentContext componentContext)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |