You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:19:22 UTC
[sling-org-apache-sling-auth-form] annotated tag
org.apache.sling.auth.form-1.0.8 created (now cc93726)
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a change to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git.
at cc93726 (tag)
tagging d0817206e8dbb9bda2cfe04ac7d1078955c8ac89 (commit)
by Carsten Ziegeler
on Wed Oct 7 06:23:25 2015 +0000
- Log -----------------------------------------------------------------
org.apache.sling.auth.form-1.0.8
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new f467e0e SLING-1116 Initial Version based on Eric Norman's patch (thanks alot)
new 8b679bf SLING-1116 cleanup dependencies
new a0fcd1a SLING-1116 Implement support for the j_validate login form parameter and add support to convey a reason to render the login form using the j_reason request parameter for the login form request
new 44c5ccd SLING-1116 Fix service description
new a812358 SLING-1116 Ensure the FormLoginModulePlugin is actually registered as a service (otherwise authenticaiton may fail). Also the resource attribute is set in the extractRequestParameterAuthentication method to ensure a redirect takes place after successful login
new 0a41f41 SLING-1380 Do not return anything from getPrincipal to allow DefaultLoginModule.getPrincipal to kick in and validate the user name against the existing users (and also to provide the correct principal for the user)
new a25ef67 SLING-1116 make sure the login form action is an absolute path
new 33e89b6 SLING-1419 : Remove dependency to JCR
new 64b2394 SLING-1498 - saving resource being requested
new 0a8abcc SLING-1497 - adding tentative configuration for configuring service.ranking via ConfigAdmin/Metatype
new 1cb242e forgot that maven 3 dropped support for latest. oh well, new scr plugin should be released rsn
new 6b812d8 Use released parent pom.
new 4e10552 SLING-1116 Improve FormReason to convey the human-readable message by toString()
new 217e197 SLING-1565 Move private implementation classes to the impl package and export the o.a.s.formauth package for login forms to be able to interpret the j_reason value with the FormReason enum.
new a606003 SLING-1565 - need to move the login form as well to be in the same package as the servlet
new d5ecfb9 SLING-1564 - adding support for form inclusion as well as custom form pages via fragments
new 196a11f SLING-1587 - file name wasn't being logged
new d3222a7 SLING-1575 Adapt Form and OpenID authentication handler to use new abstract form servlet and authentication handler
new 531e943 SLING-1575 Add @scr.service tag for login form servlets and fully qualify path property definition in the authentication handler
new 03ed695 Remove unneeded (and commented out) version element
new 99b1053 SLING-1588 Fixed, cookie needs to be removed when found to be invalid.
new d24ad09 SLING-1614 Added config settings that allow a login form to be re-displayed when the login token expires, by default the login form is not displayed on expiry, on the basis that it was not displayed by default when the anon user first came to the site.
new e561eda SLING-1614 Added missing property name and metatype text.
new 008d39d SLING-1647 Set handler specific properties in the AuthenticationInfo instead of the credentials. The properties will be transferred to the session by the ResourceResolverFactory implementation
new bdb9503 SLING-1650 Consolidate authentication stuff in a new auth component; * rename commons/auth to auth/core * rename extensions/formauth to auth/form * rename extensions/openidauth to auth/openid
new f4f4bfc SLING-1650 Refactor auth/core, auth/form, auth/openid for the new packages identifying the auth component and refer to the new auth/core for the authentication handlers.
new 5ba6c25 SLING-1650 Remove old packages; make sure the login.html form source is in the correct (new) location
new 9946c7c Set JIRA version id and fix JavaDoc exclusions
new dc98910 Update to Sling API 2.1.0
new af26b77 use Auth Core 1.0.0 to prepare the release
new 9e52b4e [maven-release-plugin] prepare release org.apache.sling.auth.form-1.0.0
new 00fad8b [maven-release-plugin] prepare for next development iteration
new f045f34 Use previous Auth Core SNAPSHOT until after release
new 11448fa SLING-1695 - set the cookie domain either by a config admin property or using a key within the AuthenticationInfo object
new aee24d0 SLING-1714 Convert @scr JavaDoc tags to SCR annotations
new acc1f6b SLING-1714 Metatype descriptor generation is not enabled by default for annotations
new 2574aa6 SLING-1722 Do not embed StringUtils class but import the Commons Lang package
new 1bf2250 SLING-1721 Use no cookie domain if the configured (or requested) cookie domain is an empty string
new 18d11b7 SLING-1729 Provide a simple and faster alternative to the default SecureRandom seeding. This might be of interest mostly for the Linux and Solaris platforms which seed SecureRandom from the blocking /dev/random by default.
new 4d1d59e SLING-1729 Emit a log message if regular SecureRandom seeding is used
new ebdcfd7 Use released version of auth/core dependency
new 93fe53e SLING-1744 Split the authentication data into exactly three fields leaving any excess field separators in the user name field thus supporting user names with @ signs such as email addresses.
new dc0a50e SLING-1752 Unify resource attribute/parameter setting and default value handling
new e633f47 Revert changes from commit 996477 which are not intended to go into that commit (relative to handling auth failures for XHR requests and handling the cookie)
new bfe05c2 SLING-1762 Add the HttpOnly attribute to setting the authentication cookie to make sure the cookie is not available to client side JavaScript. Also, when extracting the authentication data from the cookie ignore empty values.
new 1e178f5 SLING-1783 Make the use of the j_reason request attribute to inform about failures for authentication official
new b087302 Don't quote cookie value and attributes
new 8a77e54 SLING-1785 Use new redirect helper method of tha AbstractAuthenticationHandler
new e4d4eff SLING-1428 Reimplement full j_validate functionality: Send a 403 response if either the provided cookie value is invalid or if the provided user name and password cannot be used to login. Created methods to actually send back the success or failure responses for validation requests.
new 888cdb3 SLING-1428 Implement generalized support for validating credentials supplied by a request using the j_validate request parameter.
new 64b8cf5 updating all modules to parent 10-SNAPSHOT in anticipation of emma additions to parent
new 8972039 SLING-1869 - upgrading to latest SCR plugin and putting scr.annotations in parent
new ad83c4f Update to recent snapshots
new 09f89ed Use latest releases.
new ef7843d Prepare releases
new 17bfd16 [maven-release-plugin] prepare release org.apache.sling.auth.form-1.0.2
new b472e70 [maven-release-plugin] prepare for next development iteration
new 2275900 Update to current snapshots
new 1f794a9 Update to releases
new 32d454e SLING-1847 Redirect after logout does not work with form authentication (+unit test)
new ac004cf SLING-2150 : Update plugins to use the latest available versions
new 2cda4c9 Update to recent snapshot
new 4ea6441 Using latest released parent pom
new 300e154 SLING-2187 - adding new module to contain our custom notice file; adding remote-resources plugin configuration to parent pom and removing all existing appended-resources NOTICE files
new 5a0790c temporarily using snapshots during release vote
new 30504c1 using latest releases
new e42a6f4 SLING-2080 Apply patch by Angela Schreiber (thank you very much)
new e145fd0 SLING-2080 Fix wrong JavaDoc references (Thanks Angela for reporting)
new eccd8eb SLING-2165 Form based login failure should stay on the same login page to show the login error
new c09ad3f SLING-2299 The checkReferer method has actually been moved to AuthUtil because it was not contained in a released version of Auth Core bundle yet.
new 87f291f SLING-2382 - having form auth handler set the login event triggering auth info property
new 56310ef SLING-2480 : Add config for maven-sling-plugin to m2e configuration
new 741517c SLING-2483 Update jackrabbit.server and jcr.base dependencies and add JCR API dependency to prevent the new bundle plugin to generate a too restrictive import for the JCR API (2.0 is backwards compatible with 1.0)
new 50a319e Update to latest parent pom
new 09818f4 Use released versions
new 9548090 Use latest releases and update to new parent pom
new 0ee728f Update to latest parent pom and use latest releases in launchpad
new 21cc027 Use released versions after release.
new ac9477f Correct reactor pom and update to parent pom 16
new 3ec65e6 SLING-2858 - Maven build fails after upgrading to parent 16: No annotation processors found in classpath
new 866ec35 [maven-release-plugin] prepare release org.apache.sling.auth.form-1.0.4
new a21621c [maven-release-plugin] prepare for next development iteration
new 9c06cb2 remove duplicate dependency
new 7f5c31b Update to latest parent pom
new 61e2397 Update to parent pom 18
new e80937a SLING-3443 : Parameter based redirection in FormAuthenticationHandler should not handle absolute urls. Apply modified patch from Ravi Teja
new 98d550a Update to parent pom v19
new ca4e850 SLING-3795 : Fields for dynamic references must be volatile
new 6333a87 Updated to parent version 20
new 2926575 [maven-release-plugin] prepare release org.apache.sling.auth.form-1.0.6
new c29928e [maven-release-plugin] prepare for next development iteration
new c56ec99 Remove duplicate properties for service vendor
new a195ad9 Update to Sling Parent POM 22 with baselining enabled
new 12e637b SLING-3227 - FormLoginModulePlugin does not work with Oak
new 9368c3a SLING-4698 - Set parent.relativePath to empty for all modules
new 5b2c3c5 Update to Sling Parent 23
new afe69a3 set parent version to 24 and add empty relativePath where missing
new a0b5e99 Update the main reactor to parent 25
new e45939d [maven-release-plugin] prepare release org.apache.sling.auth.form-1.0.8
new d081720 [maven-release-plugin] copy for tag org.apache.sling.auth.form-1.0.8
The 100 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
--
To stop receiving notification emails like this one, please contact
['"commits@sling.apache.org" <co...@sling.apache.org>'].
[sling-org-apache-sling-auth-form] 05/10: SLING-4698 - Set
parent.relativePath to empty for all modules
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit 9368c3aea6e47164b0f4f9b5d8914730e3c28cd2
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Thu May 7 10:14:40 2015 +0000
SLING-4698 - Set parent.relativePath to empty for all modules
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1678154 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 51d34ce..2bd791d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
<version>22</version>
- <relativePath>../../../parent/pom.xml</relativePath>
+ <relativePath/>
</parent>
<artifactId>org.apache.sling.auth.form</artifactId>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 03/10: Update to Sling Parent
POM 22 with baselining enabled
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit a195ad94c0829ffc12e808599f21b857252bf8bd
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Wed Oct 1 06:57:44 2014 +0000
Update to Sling Parent POM 22 with baselining enabled
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1628622 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index cc2edae..e129707 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>20</version>
+ <version>22</version>
<relativePath>../../../parent/pom.xml</relativePath>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 09/10: [maven-release-plugin]
prepare release org.apache.sling.auth.form-1.0.8
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit e45939d8bc86859b9f1bc583c237dcfdac6c55b8
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Wed Oct 7 06:23:09 2015 +0000
[maven-release-plugin] prepare release org.apache.sling.auth.form-1.0.8
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1707185 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pom.xml b/pom.xml
index 7fe8295..25a92ad 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,11 +22,11 @@
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
<version>25</version>
- <relativePath/>
+ <relativePath />
</parent>
<artifactId>org.apache.sling.auth.form</artifactId>
- <version>1.0.7-SNAPSHOT</version>
+ <version>1.0.8</version>
<packaging>bundle</packaging>
<name>Apache Sling Form Based Authentication Handler</name>
@@ -43,9 +43,9 @@
</properties>
<scm>
- <connection>scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form</connection>
- <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form</developerConnection>
- <url>http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form</url>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.auth.form-1.0.8</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.auth.form-1.0.8</developerConnection>
+ <url>http://svn.apache.org/viewvc/sling/tags/org.apache.sling.auth.form-1.0.8</url>
</scm>
<build>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 06/10: Update to Sling Parent 23
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit 5b2c3c587684f78a2738b4c602885c0a02cfba8e
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Thu Jun 25 13:08:16 2015 +0000
Update to Sling Parent 23
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1687500 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 2bd791d..ef4b337 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>22</version>
+ <version>23</version>
<relativePath/>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 04/10: SLING-3227 -
FormLoginModulePlugin does not work with Oak
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit 12e637b34b950372f15103e5f6c3ad686122b076
Author: Chetan Mehrotra <ch...@apache.org>
AuthorDate: Sun Jan 4 09:08:39 2015 +0000
SLING-3227 - FormLoginModulePlugin does not work with Oak
Add FormLoginModule based on Oak support for JAAS authentication
-- FormAuthenticationHandler would use FormLoginModule or FormLoginModulePlugin depending on support for Oak LoginModule. This would enable use of same bundle in both Oak and JR2 based Sling deployments
-- For JAAS auth the handler would construct a FormCrendentials instance which is supported by FormLoginModule only. Once validated it would make use of Oak pre auth support to let Oak complete the JAAS login
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1649302 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 13 +++
.../auth/form/impl/FormAuthenticationHandler.java | 44 +++++--
.../sling/auth/form/impl/jaas/FormCredentials.java | 40 +++++++
.../sling/auth/form/impl/jaas/FormLoginModule.java | 102 ++++++++++++++++
.../sling/auth/form/impl/jaas/JaasHelper.java | 128 +++++++++++++++++++++
.../OSGI-INF/metatype/metatype.properties | 17 ++-
6 files changed, 334 insertions(+), 10 deletions(-)
diff --git a/pom.xml b/pom.xml
index e129707..51d34ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -158,6 +158,19 @@
<scope>provided</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-core</artifactId>
+ <version>1.0.0</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.jaas</artifactId>
+ <version>0.0.2</version>
+ <optional>true</optional>
+ </dependency>
+
<!-- Test Dependencies -->
<dependency>
<groupId>junit</groupId>
diff --git a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
index 6343b04..d14c8c6 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
@@ -36,6 +36,7 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
+import org.apache.felix.jaas.LoginModuleFactory;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Properties;
@@ -56,6 +57,8 @@ import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
import org.apache.sling.auth.form.FormReason;
+import org.apache.sling.auth.form.impl.jaas.FormCredentials;
+import org.apache.sling.auth.form.impl.jaas.JaasHelper;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
@@ -73,7 +76,12 @@ import org.slf4j.LoggerFactory;
@Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling Form Based Authentication Handler"),
@Property(name = AuthenticationHandler.PATH_PROPERTY, value = "/", cardinality = 100),
@Property(name = AuthenticationHandler.TYPE_PROPERTY, value = HttpServletRequest.FORM_AUTH, propertyPrivate = true),
- @Property(name = Constants.SERVICE_RANKING, intValue = 0, propertyPrivate = false) })
+ @Property(name = Constants.SERVICE_RANKING, intValue = 0, propertyPrivate = false),
+
+ @Property(name = LoginModuleFactory.JAAS_CONTROL_FLAG, value = "sufficient"),
+ @Property(name = LoginModuleFactory.JAAS_REALM_NAME, value = "jackrabbit.oak"),
+ @Property(name = LoginModuleFactory.JAAS_RANKING, intValue = 1000)
+})
@Service
public class FormAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {
@@ -295,6 +303,8 @@ public class FormAuthenticationHandler extends DefaultAuthenticationFeedbackHand
*/
private boolean loginAfterExpire;
+ private JaasHelper jaasHelper;
+
/**
* Extracts cookie/session based credentials from the request. Returns
* <code>null</code> if the handler assumes HTTP Basic authentication would
@@ -622,7 +632,13 @@ public class FormAuthenticationHandler extends DefaultAuthenticationFeedbackHand
final AuthenticationInfo info = new AuthenticationInfo(
HttpServletRequest.FORM_AUTH, userId);
- info.put(attrCookieAuthData, authData);
+
+ if (jaasHelper.enabled()) {
+ //JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS
+ info.put("user.jcr.credentials", new FormCredentials(userId, authData));
+ } else {
+ info.put(attrCookieAuthData, authData);
+ }
return info;
}
@@ -643,6 +659,8 @@ public class FormAuthenticationHandler extends DefaultAuthenticationFeedbackHand
if (data instanceof String) {
return (String) data;
}
+ } else if (credentials instanceof FormCredentials){
+ return ((FormCredentials) credentials).getAuthData();
}
// no SimpleCredentials or no valid attribute
@@ -653,7 +671,7 @@ public class FormAuthenticationHandler extends DefaultAuthenticationFeedbackHand
return getCookieAuthData(credentials) != null;
}
- boolean isValid(final Credentials credentials) {
+ public boolean isValid(final Credentials credentials) {
String authData = getCookieAuthData(credentials);
if (authData != null) {
return tokenStore.isValid(authData);
@@ -679,6 +697,7 @@ public class FormAuthenticationHandler extends DefaultAuthenticationFeedbackHand
Dictionary<?, ?> properties = componentContext.getProperties();
+ this.jaasHelper = new JaasHelper(this, componentContext.getBundleContext(), properties);
this.loginForm = OsgiUtil.toString(properties.get(PAR_LOGIN_FORM),
AuthenticationFormServlet.SERVLET_PATH);
log.info("Login Form URL {}", loginForm);
@@ -730,12 +749,14 @@ public class FormAuthenticationHandler extends DefaultAuthenticationFeedbackHand
this.tokenStore = new TokenStore(tokenFile, sessionTimeout, fastSeed);
this.loginModule = null;
- try {
- this.loginModule = FormLoginModulePlugin.register(this,
- componentContext.getBundleContext());
- } catch (Throwable t) {
- log.info("Cannot register FormLoginModulePlugin. This is expected if Sling LoginModulePlugin services are not supported");
- log.debug("dump", t);
+ if (!jaasHelper.enabled()) {
+ try {
+ this.loginModule = FormLoginModulePlugin.register(this,
+ componentContext.getBundleContext());
+ } catch (Throwable t) {
+ log.info("Cannot register FormLoginModulePlugin. This is expected if Sling LoginModulePlugin services are not supported");
+ log.debug("dump", t);
+ }
}
this.includeLoginForm = OsgiUtil.toBoolean(properties.get(PAR_INCLUDE_FORM), DEFAULT_INCLUDE_FORM);
@@ -745,6 +766,11 @@ public class FormAuthenticationHandler extends DefaultAuthenticationFeedbackHand
@Deactivate
protected void deactivate() {
+ if (jaasHelper != null){
+ jaasHelper.close();
+ jaasHelper = null;
+ }
+
if (loginModule != null) {
loginModule.unregister();
loginModule = null;
diff --git a/src/main/java/org/apache/sling/auth/form/impl/jaas/FormCredentials.java b/src/main/java/org/apache/sling/auth/form/impl/jaas/FormCredentials.java
new file mode 100644
index 0000000..6f127fc
--- /dev/null
+++ b/src/main/java/org/apache/sling/auth/form/impl/jaas/FormCredentials.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.form.impl.jaas;
+
+import javax.jcr.Credentials;
+
+public class FormCredentials implements Credentials {
+ private final String userId;
+ private final String authData;
+
+ public FormCredentials(String userId, String authData) {
+ this.userId = userId;
+ this.authData = authData;
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public String getAuthData() {
+ return authData;
+ }
+}
diff --git a/src/main/java/org/apache/sling/auth/form/impl/jaas/FormLoginModule.java b/src/main/java/org/apache/sling/auth/form/impl/jaas/FormLoginModule.java
new file mode 100644
index 0000000..e98ddf1
--- /dev/null
+++ b/src/main/java/org/apache/sling/auth/form/impl/jaas/FormLoginModule.java
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.form.impl.jaas;
+
+import java.util.Collections;
+import java.util.Set;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
+import org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin;
+import org.apache.sling.auth.form.impl.FormAuthenticationHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+final class FormLoginModule extends AbstractLoginModule {
+ private static final Logger log = LoggerFactory.getLogger(FormLoginModule.class);
+
+ /**
+ * The set of supported credentials. required by the {@link org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule}
+ */
+ private static final Set<Class> SUPPORTED_CREDENTIALS = Collections.<Class>singleton(FormCredentials.class);
+ private static final char[] EMPTY_PWD = new char[0];
+
+ /**
+ * Extracted userId during login call.
+ */
+ private String userId;
+
+ @Override
+ protected Set<Class> getSupportedCredentials() {
+ return SUPPORTED_CREDENTIALS;
+ }
+
+ /**
+ * The {@link org.apache.sling.auth.form.impl.FormAuthenticationHandler} used to validate the credentials
+ * and its contents.
+ */
+ private final FormAuthenticationHandler authHandler;
+
+ FormLoginModule(FormAuthenticationHandler authHandler) {
+ this.authHandler = authHandler;
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean login() throws LoginException {
+ Credentials credentials = getCredentials();
+ if (credentials instanceof FormCredentials) {
+ FormCredentials cred = (FormCredentials) credentials;
+ userId = cred.getUserId();
+
+ if (!authHandler.isValid(cred)){
+ log.debug("Invalid credentials");
+ return false;
+ }
+
+ if (userId == null) {
+ log.debug("Could not extract userId/credentials");
+ } else {
+ // we just set the login name and rely on the following login modules to populate the subject
+ sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(userId));
+ sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId, EMPTY_PWD));
+ sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
+ log.debug("login succeeded with trusted user: {}", userId);
+ }
+ }
+ return false;
+ }
+
+ public boolean commit() throws LoginException {
+ if (userId == null) {
+ // login attempt in this login module was not successful
+ clearState();
+ }
+ return false;
+ }
+
+ @Override
+ protected void clearState() {
+ userId = null;
+ super.clearState();
+ }
+}
diff --git a/src/main/java/org/apache/sling/auth/form/impl/jaas/JaasHelper.java b/src/main/java/org/apache/sling/auth/form/impl/jaas/JaasHelper.java
new file mode 100644
index 0000000..bb5a1b5
--- /dev/null
+++ b/src/main/java/org/apache/sling/auth/form/impl/jaas/JaasHelper.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.auth.form.impl.jaas;
+
+import java.util.Dictionary;
+
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.felix.jaas.LoginModuleFactory;
+import org.apache.sling.auth.form.impl.FormAuthenticationHandler;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.Constants;
+import org.osgi.framework.ServiceRegistration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class JaasHelper {
+
+ private static final Logger log = LoggerFactory.getLogger(JaasHelper.class);
+
+ private final FormAuthenticationHandler authHandler;
+
+ /**
+ * login module service registration
+ */
+ private final ServiceRegistration factoryRegistration;
+
+ /**
+ * Opens/Initializes the helper and registers the login module factory (LMF) service if possible.
+ *
+ * @param ctx the bundle context
+ * @param properties properties that contain the jaas related LMF service properties.
+ */
+ public JaasHelper(FormAuthenticationHandler authHandler, BundleContext ctx, Dictionary properties) {
+ this.authHandler = authHandler;
+ // we dynamically register the LoginModuleFactory for the case we detect a login module.
+ if (hasSSOLoginModule(ctx)) {
+ factoryRegistration = registerLoginModuleFactory(ctx, properties);
+ } else {
+ factoryRegistration = null;
+ }
+ }
+
+ /**
+ * Checks if JAAS support is enabled and the SSO login module is present.
+ *
+ * @return {@code true} if JAAS support is enabled.
+ */
+ public boolean enabled() {
+ return factoryRegistration != null;
+ }
+
+
+ /**
+ * Closes this helper and unregisters the login module factory if needed.
+ */
+ public void close() {
+ if (factoryRegistration != null) {
+ factoryRegistration.unregister();
+ }
+ }
+
+ private ServiceRegistration registerLoginModuleFactory(BundleContext ctx, Dictionary properties) {
+ ServiceRegistration reg = null;
+ try {
+ java.util.Properties props = new java.util.Properties();
+ final String desc = "LoginModule Support for FormAuthenticationHandler";
+ props.put(Constants.SERVICE_DESCRIPTION, desc);
+ props.put(Constants.SERVICE_VENDOR, ctx.getBundle().getHeaders().get(Constants.BUNDLE_VENDOR));
+
+ props.put(LoginModuleFactory.JAAS_RANKING, properties.get(LoginModuleFactory.JAAS_RANKING));
+ props.put(LoginModuleFactory.JAAS_CONTROL_FLAG, properties.get(LoginModuleFactory.JAAS_CONTROL_FLAG));
+ props.put(LoginModuleFactory.JAAS_REALM_NAME, properties.get(LoginModuleFactory.JAAS_REALM_NAME));
+ reg = ctx.registerService(LoginModuleFactory.class.getName(),
+ new LoginModuleFactory() {
+ public LoginModule createLoginModule() {
+ return new FormLoginModule(authHandler);
+ }
+
+ @Override
+ public String toString() {
+ return desc + " (" +FormLoginModule.class.getName()+")";
+ }
+ },
+ props
+ );
+ log.info("Registered FormLoginModuleFactory");
+ } catch (Throwable e) {
+ log.error("unable to create an register the SSO login module factory", e);
+ }
+ return reg;
+ }
+
+ /**
+ * Checks if the {@link org.apache.sling.auth.form.impl.jaas.FormLoginModule} is available. This would not be the case
+ * in an non-oak setup. Note this only checks if the login module can be loaded, not if it is actually enabled
+ * in the jaas config.
+ *
+ * @return {@code true} if the SSOLoginModule is available.
+ */
+ private static boolean hasSSOLoginModule(BundleContext ctx) {
+ try {
+ ctx.getBundle().loadClass("org.apache.sling.auth.form.impl.jaas.FormLoginModule");
+ log.debug("FormLoginModule available.");
+ return true;
+ } catch (Throwable e) {
+ log.debug("no FormLoginModule available.", e);
+ }
+ return false;
+ }
+}
diff --git a/src/main/resources/OSGI-INF/metatype/metatype.properties b/src/main/resources/OSGI-INF/metatype/metatype.properties
index 2d92666..7070cdb 100644
--- a/src/main/resources/OSGI-INF/metatype/metatype.properties
+++ b/src/main/resources/OSGI-INF/metatype/metatype.properties
@@ -91,4 +91,19 @@ form.default.cookie.domain.name = Default Cookie Domain
form.default.cookie.domain.description = The domain on which authentication cookies will \
be set, unless overridden in the AuthenticationInfo object. The default is null \
which means to set the cookie on the request domain.
-
\ No newline at end of file
+
+jaas.controlFlag.name = JAAS Control Flag
+jaas.controlFlag.description = Property name specifying whether or not a LoginModule is REQUIRED, REQUISITE, SUFFICIENT \
+ or OPTIONAL. Refer to the JAAS configuration documentation for more details around the meaning of these flags. \
+ Jackrabbit Oak only.
+
+jaas.realmName.name = JAAS Realm
+jaas.realmName.description = Property name specifying the realm name (or application name) against which the LoginModule \
+ is be registered. If no realm name is provided then LoginModule is registered with a default realm as configured in \
+ the Felix JAAS configuration. \
+ Jackrabbit Oak only.
+
+jaas.ranking.name = JAAS Ranking
+jaas.ranking.description = Property name specifying the ranking (i.e. sort order) of the configured login module \
+ entries. The entries are sorted in a descending order (i.e. higher value ranked configurations come first). \
+ Jackrabbit Oak only.
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 07/10: set parent version to 24
and add empty relativePath where missing
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit afe69a3425d8306872a6dc98b0f5fce339b096fd
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Tue Jul 7 08:09:17 2015 +0000
set parent version to 24 and add empty relativePath where missing
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1689593 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index ef4b337..e08b452 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>23</version>
+ <version>24</version>
<relativePath/>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 01/10: [maven-release-plugin]
prepare for next development iteration
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit c29928e17882e93a78d5a040f67ef8b816f1f10b
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Fri Aug 8 12:12:07 2014 +0000
[maven-release-plugin] prepare for next development iteration
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1616727 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index f84ed7d..cc2edae 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,7 +26,7 @@
</parent>
<artifactId>org.apache.sling.auth.form</artifactId>
- <version>1.0.6</version>
+ <version>1.0.7-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>Apache Sling Form Based Authentication Handler</name>
@@ -43,9 +43,9 @@
</properties>
<scm>
- <connection>scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.auth.form-1.0.6</connection>
- <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.auth.form-1.0.6</developerConnection>
- <url>http://svn.apache.org/viewvc/sling/tags/org.apache.sling.auth.form-1.0.6</url>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form</developerConnection>
+ <url>http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form</url>
</scm>
<build>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 08/10: Update the main reactor
to parent 25
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit a0b5e99a381663e9f14fdcb1a7b9dd3a246a0bb0
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Mon Oct 5 10:03:45 2015 +0000
Update the main reactor to parent 25
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1706780 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index e08b452..7fe8295 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>24</version>
+ <version>25</version>
<relativePath/>
</parent>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 10/10: [maven-release-plugin]
copy for tag org.apache.sling.auth.form-1.0.8
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit d0817206e8dbb9bda2cfe04ac7d1078955c8ac89
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Wed Oct 7 06:23:25 2015 +0000
[maven-release-plugin] copy for tag org.apache.sling.auth.form-1.0.8
git-svn-id: https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.auth.form-1.0.8@1707186 13f79535-47bb-0310-9956-ffa450edef68
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-auth-form] 02/10: Remove duplicate
properties for service vendor
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.8
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit c56ec997add6d7edf082296c5854bc905a2273c7
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Wed Sep 24 13:52:01 2014 +0000
Remove duplicate properties for service vendor
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form@1627324 13f79535-47bb-0310-9956-ffa450edef68
---
.../java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java | 1 -
.../java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java | 1 -
2 files changed, 2 deletions(-)
diff --git a/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java b/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
index b6b89c1..5ad6667 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
@@ -35,7 +35,6 @@ import org.apache.sling.auth.form.FormReason;
*/
@Component
@Properties( {
- @Property(name = "service.vendor", value = "The Apache Software Foundation"),
@Property(name = "service.description", value = "Default Login Form for Form Based Authentication") })
@Service(value = Servlet.class)
@SuppressWarnings("serial")
diff --git a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
index 9314fa3..6343b04 100644
--- a/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
@@ -71,7 +71,6 @@ import org.slf4j.LoggerFactory;
@Component(label = "%auth.form.name", description = "%auth.form.description", metatype = true, name = "org.apache.sling.auth.form.FormAuthenticationHandler")
@Properties( {
@Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling Form Based Authentication Handler"),
- @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation"),
@Property(name = AuthenticationHandler.PATH_PROPERTY, value = "/", cardinality = 100),
@Property(name = AuthenticationHandler.TYPE_PROPERTY, value = HttpServletRequest.FORM_AUTH, propertyPrivate = true),
@Property(name = Constants.SERVICE_RANKING, intValue = 0, propertyPrivate = false) })
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.