org.apache.sling.extensions.webconsolesecurityprovider.internal
Class SlingWebConsoleSecurityProvider

java.lang.Object
  extended by org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider
All Implemented Interfaces:
org.apache.felix.webconsole.WebConsoleSecurityProvider

@Service(value=org.apache.felix.webconsole.WebConsoleSecurityProvider.class)
public class SlingWebConsoleSecurityProvider
extends Object
implements org.apache.felix.webconsole.WebConsoleSecurityProvider

The SlingWebConsoleSecurityProvider is security provider for the Apache Felix Web Console which validates the user name and password by loging into the repository and the checking whether the user is allowed access. Access granted by the authenticate(String, String) method applies to all of the Web Console since the authorize(Object, String) method always returns true.

This security provider requires a JCR Repository to operate. Therefore it is only registered as a security provider service once such a JCR Repository is available.


Constructor Summary
SlingWebConsoleSecurityProvider()
           
 
Method Summary
 Object authenticate(String userName, String password)
          Authenticates and authorizes the user identified by the user name and password.
 boolean authorize(Object user, String role)
          All users authenticated with the repository and being a member of the authorized groups are granted access for all roles in the Web Console.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SlingWebConsoleSecurityProvider

public SlingWebConsoleSecurityProvider()
Method Detail

authenticate

public Object authenticate(String userName,
                           String password)
Authenticates and authorizes the user identified by the user name and password. The check applied to authorize access consists of the following steps:
  1. User name and password are able to create a JCR session with the default repository workspace. If such a session cannot be created, the user is denied access.
  2. If the user is listed in the configured set of granted users, access is granted to all of the Web Console.
  3. If the user is a member of one of the groups configured to grant access to their members, access is granted to all of the Web Console.

If the user name and password cannot be used to login to the default workspace of the repository or if the user neither one of the configured set of granted users or is not a member of the configured set of groups access is denied to the Web Console.

Specified by:
authenticate in interface org.apache.felix.webconsole.WebConsoleSecurityProvider
Parameters:
userName - The name of the user to grant access for
password - The password to authenticate the user. This may be null to assume an empty password.
Returns:
The userName is currently returned to indicate successfull authentication.
Throws:
NullPointerException - if userName is null.

authorize

public boolean authorize(Object user,
                         String role)
All users authenticated with the repository and being a member of the authorized groups are granted access for all roles in the Web Console.

Specified by:
authorize in interface org.apache.felix.webconsole.WebConsoleSecurityProvider


Copyright © 2007-2013 The Apache Software Foundation. All Rights Reserved.