You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Michael Marth (JIRA)" <ji...@apache.org> on 2008/01/18 15:06:34 UTC

[jira] Created: (SLING-175) support for form-based authentication

support for form-based authentication
-------------------------------------

                 Key: SLING-175
                 URL: https://issues.apache.org/jira/browse/SLING-175
             Project: Sling
          Issue Type: Improvement
          Components: Core
            Reporter: Michael Marth
            Priority: Minor


Currently, Sling supports Basic Auth for authentication (and corresponding mapping of users and rights to the underlying repository). I would like to request that we can also have form-based authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-175) support for form-based authentication

Posted by "Alexander Klimetschek (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560700#action_12560700 ] 

Alexander Klimetschek commented on SLING-175:
---------------------------------------------

The trick is to do the login with a dummy login XHR request in the background. If it works, the credentials stay cached in the browser and are then used for normal browser requests. It's a bit tricky, but we also got an logout to work (sending invalid credentials in an XHR to "reset" the browser).

See those files:

server-side servlet filter:

http://www.mindquarry.org/repos/mindquarry-collaboration-server/trunk/mindquarry-teamspace/mindquarry-users/src/main/java/com/mindquarry/user/webapp/AuthenticationFilter.java

client-side javascript:

http://www.mindquarry.org/repos/mindquarry-collaboration-server/trunk/mindquarry-webapp/mindquarry-webapp-resources/src/main/resources/COB-INF/scripts/dojo/mindquarry/lib/auth.js

http://www.mindquarry.org/repos/mindquarry-collaboration-server/trunk/mindquarry-webapp/mindquarry-webapp-resources/src/main/resources/COB-INF/scripts/dojo/mindquarry/widget/LoginForm.js

http://www.mindquarry.org/repos/mindquarry-collaboration-server/trunk/mindquarry-webapp/mindquarry-webapp-resources/src/main/resources/COB-INF/scripts/dojo/mindquarry/widget/LogoutLink.js


> support for form-based authentication
> -------------------------------------
>
>                 Key: SLING-175
>                 URL: https://issues.apache.org/jira/browse/SLING-175
>             Project: Sling
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Michael Marth
>            Priority: Minor
>
> Currently, Sling supports Basic Auth for authentication (and corresponding mapping of users and rights to the underlying repository). I would like to request that we can also have form-based authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-175) support for form-based authentication

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560392#action_12560392 ] 

Felix Meschberger commented on SLING-175:
-----------------------------------------

How do you inject the respective HTTP headers ?

> support for form-based authentication
> -------------------------------------
>
>                 Key: SLING-175
>                 URL: https://issues.apache.org/jira/browse/SLING-175
>             Project: Sling
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Michael Marth
>            Priority: Minor
>
> Currently, Sling supports Basic Auth for authentication (and corresponding mapping of users and rights to the underlying repository). I would like to request that we can also have form-based authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-175) support for form-based authentication

Posted by "Lars Trieloff (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560390#action_12560390 ] 

Lars Trieloff commented on SLING-175:
-------------------------------------

I would propose to implement a client-side wrapping of the current HTTP basic authentication that would allow styled HTML forms for the user interface, but still use sessionless HTTP-Authorization headers for actual data transmission. The implementation we have done for Mindquarry handles login, wrong credentials, password change and logout transparently without ever showing the browser's login window.

> support for form-based authentication
> -------------------------------------
>
>                 Key: SLING-175
>                 URL: https://issues.apache.org/jira/browse/SLING-175
>             Project: Sling
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Michael Marth
>            Priority: Minor
>
> Currently, Sling supports Basic Auth for authentication (and corresponding mapping of users and rights to the underlying repository). I would like to request that we can also have form-based authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (SLING-175) support for form-based authentication

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger closed SLING-175.
-----------------------------------

       Resolution: Duplicate
    Fix Version/s: 2.0.0
         Assignee: Felix Meschberger

I think, the login form implemented by SLING-319 implements this request. Therefore, I close this issue as duplicate.

> support for form-based authentication
> -------------------------------------
>
>                 Key: SLING-175
>                 URL: https://issues.apache.org/jira/browse/SLING-175
>             Project: Sling
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Michael Marth
>            Assignee: Felix Meschberger
>            Priority: Minor
>             Fix For: 2.0.0
>
>
> Currently, Sling supports Basic Auth for authentication (and corresponding mapping of users and rights to the underlying repository). I would like to request that we can also have form-based authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-175) support for form-based authentication

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560980#action_12560980 ] 

Felix Meschberger commented on SLING-175:
-----------------------------------------

Thanks for the pointers.

That is an interesting use for Ajax:-)

> support for form-based authentication
> -------------------------------------
>
>                 Key: SLING-175
>                 URL: https://issues.apache.org/jira/browse/SLING-175
>             Project: Sling
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Michael Marth
>            Priority: Minor
>
> Currently, Sling supports Basic Auth for authentication (and corresponding mapping of users and rights to the underlying repository). I would like to request that we can also have form-based authentication.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.