You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by fm...@apache.org on 2012/05/22 10:25:22 UTC
svn commit: r1341347 [6/16] - in /sling/site/trunk: ./ content/
content/tutorials-how-tos/
Modified: sling/site/trunk/content/eventing-and-jobs.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/eventing-and-jobs.mdtext?rev=1341347&r1=1341346&r2=1341347&view=diff
==============================================================================
--- sling/site/trunk/content/eventing-and-jobs.mdtext (original)
+++ sling/site/trunk/content/eventing-and-jobs.mdtext Tue May 22 08:25:18 2012
@@ -1,22 +1,19 @@
Title: Eventing and Jobs
-<a name="EventingandJobs-Eventing,JobsandScheduling"></a>
+
## Eventing, Jobs and Scheduling
-Apache Sling provides some mechanisms and support for eventing, handling
-jobs and scheduling.
+Apache Sling provides some mechanisms and support for eventing, handling jobs and scheduling.
To get some hands on code, you can refer to the following tutorials:
-* [How to Manage Events in Sling](how-to-manage-events-in-sling.html)
-* [Scheduler Service (commons scheduler)](scheduler-service-(commons-scheduler).html)
+* [How to Manage Events in Sling]({{ refs.how-to-manage-events-in-sling.path }})
+* [Scheduler Service (commons scheduler)]({{ refs.scheduler-service-commons-scheduler.path }})
-<a name="EventingandJobs-PossibleUseCasesforEventing"></a>
### Possible Use Cases for Eventing
* Workflow
* Post Processing (business processes)
* Caching
* Auditing
-<a name="EventingandJobs-SourcesofEvents"></a>
### Sources of Events
There is a variety of sources from which events can be send:
@@ -25,458 +22,196 @@ There is a variety of sources from which
* Events from messaging systems (~JMS)
* "External events"
-The events can eiter be generated inside a current user context, e.g. when
-the user performs an action through the UI, or they can be out of a user
-context, e.g. for schedulded events. This leads to different weights of
-events.
+The events can eiter be generated inside a current user context, e.g. when the user performs an action through the UI, or they can be out of a user context, e.g. for schedulded events. This leads to different weights of events.
-<a name="EventingandJobs-WeightsofEvents"></a>
### Weights of Events
-We can distinguish two different weights of events, depending how they are
-distributed in a clustered environment:
+We can distinguish two different weights of events, depending how they are distributed in a clustered environment:
+
+ * User generated events - these events are generated directly by some user action and are therefore started on one single node.
+ * Environment generated events (JCR events, scheduler events etc.) - these events are generated "simultaniously" on all nodes.
- * User generated events - these events are generated directly by some user
-action and are therefore started on one single node.
- * Environment generated events (JCR events, scheduler events etc.) - these
-events are generated "simultaniously" on all nodes.
-
-External events, like incoming JMS events etc. might fall either into the
-first or the second category. The receiver of such events must have the
-knowledge about the weight of the event.
+External events, like incoming JMS events etc. might fall either into the first or the second category. The receiver of such events must have the knowledge about the weight of the event.
-<a name="EventingandJobs-BasicPrinciples"></a>
### Basic Principles
-The foundation of the event mechanism is to distribute each event to every
-node in a clustered environment. The event distribution mechanism has no
-knowledge about the intent of the event and therefore is not able to make
-delivery decisions by itself. It is up to the sender to decide what should
-happen, however the sender must explicitly declare an event to be
-distributed. There are exceptions to "distributing everything to
-everywhere" as for example framework related events (bundle stopped,
-installed etc.) should not be distributed.
-
-The event mechanism will provide additional functionality making it easier
-for event receivers to decide if they should process an event. The event
-receiver can determine if the event is a local event or comming from a
-remote application node. Therefore a general rule of thumb is to process
-events only if they're local and just regard remote events as a FYI.
-
-The event mechanism is an *event* mechanism which should not be confused
-with a *messaging* mechanism. Events are received by the event mechanism
-and distributed to registered listeners. Concepts like durable listeners,
-guarantee of processing etc. are not part of the event mechanism itself.
-However, there will be additional support for such things, like job events.
-
-The application should try to use application events instead of low level
-JCR events whereever possible. Therefore a bridging between JCR events and
-the event mechanism is required. However, a general "automatic" mapping
-will not be provided. It is up to the application to develop such a mapping
-on a per use case base. There might be some support to make the mapping
-easier.
-
-The event handling should be made as transparent to the developer as
-possible. Therefore the additional code for a developer to make the
-eventing working in a clustered environment etc. should be kept to a
-minimum (which will hopefully reduce possible user errors).
+The foundation of the event mechanism is to distribute each event to every node in a clustered environment. The event distribution mechanism has no knowledge about the intent of the event and therefore is not able to make delivery decisions by itself. It is up to the sender to decide what should happen, however the sender must explicitly declare an event to be distributed. There are exceptions to "distributing everything to everywhere" as for example framework related events (bundle stopped, installed etc.) should not be distributed.
+
+The event mechanism will provide additional functionality making it easier for event receivers to decide if they should process an event. The event receiver can determine if the event is a local event or comming from a remote application node. Therefore a general rule of thumb is to process events only if they're local and just regard remote events as a FYI.
+
+The event mechanism is an *event* mechanism which should not be confused with a *messaging* mechanism. Events are received by the event mechanism and distributed to registered listeners. Concepts like durable listeners, guarantee of processing etc. are not part of the event mechanism itself. However, there will be additional support for such things, like job events.
+
+The application should try to use application events instead of low level JCR events whereever possible. Therefore a bridging between JCR events and the event mechanism is required. However, a general "automatic" mapping will not be provided. It is up to the application to develop such a mapping on a per use case base. There might be some support to make the mapping easier.
+
+The event handling should be made as transparent to the developer as possible. Therefore the additional code for a developer to make the eventing working in a clustered environment etc. should be kept to a minimum (which will hopefully reduce possible user errors).
-<a name="EventingandJobs-EventMechanism"></a>
## Event Mechanism
-The event mechanism is leveraging the OSGi Event Admin Specification (OSGi
-Compendium 113). The event admin specification provides a sufficient base.
-It is based on the event publish and subscribe mechanism. Each event is
-associated with a topic and data. The data consists of custom key-value
-pairs where the keys are strings and the values can be any object. However,
-to work in distributed environments it is advisable to use only string and
-scalar types for data. If complex objects are required they have to be
-serializable.
-
-Events can either be send synchronously or asynchronously. It is up to the
-caller (the one sending the event) to decide this by choosing one of the
-provided methods.
-
-The OSGi API is very simple and leightweight - sending an event is just
-generating the event object and calling the event admin. Rceiving the event
-is implementing a single interface and declaring through properties which
-topics one is interested in. It's possible to add an additional filter
-(based on property values for example).
-
-%N The event handler should not take too much time to process the event.
-For example, the Apache Felix implementation of the event admin black lists
-an event handler if it takes more than 5 seconds to process the event -
-regardless if the event is sent synchronously or asynchronously. Therefore
-any heavier processing has to be done in the background. The event is just
-the trigger to start this. The job mechanism explained in this
-documentation is a good way of implementing this functionality for an event
-handler.
-
-The aim is to add all functionality on top of an existing event admin
-implementation. Therefore everything should be added by additional event
-handlers.
+The event mechanism is leveraging the OSGi Event Admin Specification (OSGi Compendium 113). The event admin specification provides a sufficient base. It is based on the event publish and subscribe mechanism. Each event is associated with a topic and data. The data consists of custom key-value pairs where the keys are strings and the values can be any object. However, to work in distributed environments it is advisable to use only string and scalar types for data. If complex objects are required they have to be serializable.
+
+Events can either be send synchronously or asynchronously. It is up to the caller (the one sending the event) to decide this by choosing one of the provided methods.
+
+The OSGi API is very simple and leightweight - sending an event is just generating the event object and calling the event admin. Rceiving the event is implementing a single interface and declaring through properties which topics one is interested in. It's possible to add an additional filter (based on property values for example).
+
+%N The event handler should not take too much time to process the event. For example, the Apache Felix implementation of the event admin black lists an event handler if it takes more than 5 seconds to process the event - regardless if the event is sent synchronously or asynchronously. Therefore any heavier processing has to be done in the background. The event is just the trigger to start this. The job mechanism explained in this documentation is a good way of implementing this functionality for an event handler.
+
+The aim is to add all functionality on top of an existing event admin implementation. Therefore everything should be added by additional event handlers.
-<a name="EventingandJobs-EventHandler"></a>
## Event Handler
-An event handler registers itself on a (set of) topic. It can also specify
-a filter for the events. This event handler is either notified
-synchronously or asynchronously depending on how the event has been sent.
+An event handler registers itself on a (set of) topic. It can also specify a filter for the events. This event handler is either notified synchronously or asynchronously depending on how the event has been sent.
-<a name="EventingandJobs-Events"></a>
## Events
-The type of the event is specified by the hierarchically organized topic.
-In order to provide clustering of JCR repositories and clustering of the
-sling based application instances, each event can contain the following
-properties - if they are absent, a default value is assumed:
-
-* =event.distribute= - this flag is set by the sender of an event to give a
-hint if the event should be distributed across instances. For example JCR
-observation based events are already distributed on all instances, so there
-is no further need to distribute them. If the flag is present, the event
-will be distributed. The value has currently no meaning, however the
-EventUtil method should be used to add this property. If the flag is absent
-the event is distributed locally only.
-* =event.application= - An identifier for the current application node in
-the cluster. This information will be used to detect if an event has been
-created on different nodes. If the event has been created on the same note,
-the =event.application= is missing, if it is a remote event, the
-=event.application= contains the ID of the node, the event has been
-initially created.
-
-While the =event.distribute= must be set by the sender of an event (if the
-event should be distributed), the =event.application= property is
-maintained by the event mechanism. Therefore a client sending an event
-should *never* set this information by itself. This will confuse the local
-event handlers and result in unexpected behaviour. On remote events the
-=event.application= is set by the event distribution mechanism.
+The type of the event is specified by the hierarchically organized topic. In order to provide clustering of JCR repositories and clustering of the sling based application instances, each event can contain the following properties - if they are absent, a default value is assumed:
+
+* =event.distribute= - this flag is set by the sender of an event to give a hint if the event should be distributed across instances. For example JCR observation based events are already distributed on all instances, so there is no further need to distribute them. If the flag is present, the event will be distributed. The value has currently no meaning, however the EventUtil method should be used to add this property. If the flag is absent the event is distributed locally only.
+* =event.application= - An identifier for the current application node in the cluster. This information will be used to detect if an event has been created on different nodes. If the event has been created on the same note, the =event.application= is missing, if it is a remote event, the =event.application= contains the ID of the node, the event has been initially created.
+
+While the =event.distribute= must be set by the sender of an event (if the event should be distributed), the =event.application= property is maintained by the event mechanism. Therefore a client sending an event should *never* set this information by itself. This will confuse the local event handlers and result in unexpected behaviour. On remote events the =event.application= is set by the event distribution mechanism.
-<a name="EventingandJobs-EventDistributionAcrossApplicationNodes(Cluster)"></a>
## Event Distribution Across Application Nodes (Cluster)
-The (local) event admin is the service distributing events locally. The
-Sling Distributing Event Handler is a registered event handler that is
-listening for events to be distributed. It distributes the events to remote
-application notes, the JCR repository is used for distribution. The
-distributing event handler writes the events into the repository, the
-distributing event handlers on other application nodes get notified through
-observation and then distribute the read events locally.
-
-As mentioned above, the client sending an event has to mark an event to be
-distributed in a cluster by setting the =event.distribute= in the event
-properties (through ~EventUtil).
-The existance of this flag allows to register an event handler for all
-events having this flag. The event handler will add the =event.application=
-information and write the event into the repository. All other application
-nodes have an observer registered and get notified each time a new event is
-added to the repository. They'll read the event from the repository, clear
-the =event.distribute= and send this event locally and asynchronously.
-
-An event handler receiving such an event can distinguish it by checking the
-=event.application= property. If the property is not available, it is a
-local event - if the property is available it is a remote event.
-
-This distribution mechanism has the advantage that the application nodes do
-not need to know each other and the distribution mechanism is independent
-from the used event admin implementation. Defining the filter for the
-=event.distribute= is also very simple.
+The (local) event admin is the service distributing events locally. The Sling Distributing Event Handler is a registered event handler that is listening for events to be distributed. It distributes the events to remote application notes, the JCR repository is used for distribution. The distributing event handler writes the events into the repository, the distributing event handlers on other application nodes get notified through observation and then distribute the read events locally.
+
+As mentioned above, the client sending an event has to mark an event to be distributed in a cluster by setting the =event.distribute= in the event properties (through ~EventUtil).
+The existance of this flag allows to register an event handler for all events having this flag. The event handler will add the =event.application= information and write the event into the repository. All other application nodes have an observer registered and get notified each time a new event is added to the repository. They'll read the event from the repository, clear the =event.distribute= and send this event locally and asynchronously.
+
+An event handler receiving such an event can distinguish it by checking the =event.application= property. If the property is not available, it is a local event - if the property is available it is a remote event.
+
+This distribution mechanism has the advantage that the application nodes do not need to know each other and the distribution mechanism is independent from the used event admin implementation. Defining the filter for the =event.distribute= is also very simple.
-<a name="EventingandJobs-StoringEventsintheRepository"></a>
### Storing Events in the Repository
-Distributable events are stored in the repository, the repository will have
-a specific area (path) where all events are stored.
+Distributable events are stored in the repository, the repository will have a specific area (path) where all events are stored.
Each event is stored as a separate node with the following properties:
-<table>
-<tr><td> *Property Name* </td><td> *Description* </td></tr>
-<tr><td> =event:topic= </td><td> The topic of the event </td></tr>
-<tr><td> =event:application= </td><td> The identifier of the application node where the
-event was created </td></tr>
-<tr><td> =event:created= </td><td> The date and time when the event has been created
-(stored in the repository)
-</tr>
-<tr><td> =event:properties= </td><td> Serialized properties (except the
-=event.distribute=, but including the =event.application=) </td></tr>
-</table>
+| *Property Name* | *Description* |
+| =event:topic= | The topic of the event |
+| =event:application= | The identifier of the application node where the event was created |
+| =event:created= | The date and time when the event has been created (stored in the repository)
+| =event:properties= | Serialized properties (except the =event.distribute=, but including the =event.application=) |
-Each application is periodically removing old events from the repository
-(using the scheduler).
+Each application is periodically removing old events from the repository (using the scheduler).
-<a name="EventingandJobs-Jobs(GuaranteeofProcessing)"></a>
## Jobs (Guarantee of Processing)
-In general, the eventing mechanism has no knowledge about the contents of
-an event. Therefore, it can't decide if an event must be processed by a
-node. As the event mechanism is a "fire event and forget about it"
-algorithm, there is no way for an event admin to tell if someone has
-processed the event.
-
-On the other hand, there are use cases where the guarantee of processing is
-a must and usually this comes with the requirement of processing this event
-exactly once. Typical examples are sending notification emails (or sms) or
-post processing of content (like thumbnail generation of images or
-documents).
-
-We will call these events jobs to make clear that someone has to do
-something with the event (do the job). We will use a special topic
-=org/apache/sling/event/job= to indicate that the event contains a job, the
-real topic of the event is stored in the =event.job.topic= property. When a
-job event (event with the topic =org/apache/sling/event/job=) is received,
-a new event with the topic from the property =event.job.topic= is fired.
+In general, the eventing mechanism has no knowledge about the contents of an event. Therefore, it can't decide if an event must be processed by a node. As the event mechanism is a "fire event and forget about it" algorithm, there is no way for an event admin to tell if someone has processed the event.
+
+On the other hand, there are use cases where the guarantee of processing is a must and usually this comes with the requirement of processing this event exactly once. Typical examples are sending notification emails (or sms) or post processing of content (like thumbnail generation of images or documents).
+
+We will call these events jobs to make clear that someone has to do something with the event (do the job). We will use a special topic =org/apache/sling/event/job= to indicate that the event contains a job, the real topic of the event is stored in the =event.job.topic= property. When a job event (event with the topic =org/apache/sling/event/job=) is received, a new event with the topic from the property =event.job.topic= is fired.
The event must have the following properties:
-<table>
-<tr><td> *Property Name* </td><td> *Description* </td></tr>
-<tr><td> =event.job.topic= </td><td> The topic of the job </td></tr>
-<tr><td> =event.job.id= </td><td> A unique identifier for this job (optional) </td></tr>
-</table>
-
-The job event handler listens for all job events (all events with the topic
-=org/apache/sling/event/job=). The event handler will write the job event
-into the repository (into the job area), lock it, create a new event with
-the topic from the property =event.job.topic= and send the job event
-through the event admin. When the job is finished, the event listener will
-unlock the node from the repository.
-
-To avoid timeouts and black listing of event handlers, the job event
-handler does not assume that the job has been processed if the event could
-be sent successfully. It is the task of the event handler to notify the job
-event handler that it has processed the job. In addition, the job
-processing should be done in the background. The =EventUtil= class has a
-helper method for this: =processJob(Event, JobProcessor)=. The event
-handler must implement the =JobProcessor= interface which consists of a
-single =process(Event)= method. When the event handler receives a job
-event, it calls =EventUtil.processJob(event, this)= and returns. The
-=process(Event)= method is now called in the background and when it
-finishes, the job event handler is notified that the job is completed.
-
-If the event handler wants to do the background processing by itself or
-does not need background processing at all, it must signal completition of
-the job by call =EventUtil.finishedJob(event)=.
-
-By default an application node is queuing the jobs which means that only
-one job is processed at a time. If a job can be run in parallel on one
-application node, the property =event.job.parallel= should be set with any
-value.
+| *Property Name* | *Description* |
+| =event.job.topic= | The topic of the job |
+| =event.job.id= | A unique identifier for this job (optional) |
+
+The job event handler listens for all job events (all events with the topic =org/apache/sling/event/job=). The event handler will write the job event into the repository (into the job area), lock it, create a new event with the topic from the property =event.job.topic= and send the job event through the event admin. When the job is finished, the event listener will unlock the node from the repository.
+
+To avoid timeouts and black listing of event handlers, the job event handler does not assume that the job has been processed if the event could be sent successfully. It is the task of the event handler to notify the job event handler that it has processed the job. In addition, the job processing should be done in the background. The =EventUtil= class has a helper method for this: =processJob(Event, JobProcessor)=. The event handler must implement the =JobProcessor= interface which consists of a single =process(Event)= method. When the event handler receives a job event, it calls =EventUtil.processJob(event, this)= and returns. The =process(Event)= method is now called in the background and when it finishes, the job event handler is notified that the job is completed.
+
+If the event handler wants to do the background processing by itself or does not need background processing at all, it must signal completition of the job by call =EventUtil.finishedJob(event)=.
+
+By default an application node is queuing the jobs which means that only one job is processed at a time. If a job can be run in parallel on one application node, the property =event.job.parallel= should be set with any value.
The job id is optional and can be used to update or reactivate jobs.
-<a name="EventingandJobs-StoringJobsintheRepository"></a>
### Storing Jobs in the Repository
-Jobs are stored in the repository in order to ensure that exactly one
-single application node is processing the job. The repository will have a
-specific area (path) where all jobs are stored. In order to distinguish a
-job which occured twice and a job which is generated at the same time on
-several nodes, each job can be uniquely identified by its topic (property
-=event.job.topic=) and the =event.job.id= property. It is up to the client
-who is creating the event to ensure that the =event.job.id= property is
-unqiue *and* identical on all application nodes. If the job id is not
-provided for the job, then it is up to the client to ensure that the job
-even is only fired once.
-
-When the job event listener tries to write a job into the repository it
-will check if the repository already contains a job with the given topic
-=event.job.topic= and =event.job.id= property. If the event has already
-been written by some other application node, it's not written again. If the
-event has been written by the same node, it will be set to active again
-(=event:active= will be set to true and =event:created= will be updated).
+Jobs are stored in the repository in order to ensure that exactly one single application node is processing the job. The repository will have a specific area (path) where all jobs are stored. In order to distinguish a job which occured twice and a job which is generated at the same time on several nodes, each job can be uniquely identified by its topic (property =event.job.topic=) and the =event.job.id= property. It is up to the client who is creating the event to ensure that the =event.job.id= property is unqiue *and* identical on all application nodes. If the job id is not provided for the job, then it is up to the client to ensure that the job even is only fired once.
+
+When the job event listener tries to write a job into the repository it will check if the repository already contains a job with the given topic =event.job.topic= and =event.job.id= property. If the event has already been written by some other application node, it's not written again. If the event has been written by the same node, it will be set to active again (=event:active= will be set to true and =event:created= will be updated).
Each job is stored as a separate node with the following properties:
-<table>
-<tr><td> *Property Name* </td><td> *Description* </td></tr>
-<tr><td> =event:topic= </td><td> The topic of the job </td></tr>
-<tr><td> =event:application= </td><td> The identifier of the node where the job was
-created </td></tr>
-<tr><td> =event:processor= </td><td> The identifier of the node which processed the job
-</td></tr>
-<tr><td> =event:active= </td><td> Indicates if this job is active and should be
-processed(unlocked) or is currently processed (locked) </td></tr>
-<tr><td> =event:created= </td><td> The date and time when the event has been created
-(stored in the repository)
-</tr>
-<tr><td> =event:id= </td><td> The unique identifier of this job (optional).
-</tr>
-<tr><td> =event:properties= </td><td> Serialized properties </td></tr>
-<tr><td> =event:finished= </td><td> The date and time when the job has been finished </td></tr>
-</table>
-
-
-The failover of an application node is accomplished by locking and the
-=event:active= flag. If a job is locked in the repository a session scoped
-lock is used. If this application node dies, the lock dies as well. Each
-application node observes the JCR locking properties and therefore gets
-aware of unlocked event nodes with the active flag set to true. If an
-application node finds such a node, it locks it, updates the
-=event:application= information and processes it accordingly. In this case
-the event gets the additional property =org/apache/sling/job/retry=.
+| *Property Name* | *Description* |
+| =event:topic= | The topic of the job |
+| =event:application= | The identifier of the node where the job was created |
+| =event:processor= | The identifier of the node which processed the job |
+| =event:active= | Indicates if this job is active and should be processed(unlocked) or is currently processed (locked) |
+| =event:created= | The date and time when the event has been created (stored in the repository)
+| =event:id= | The unique identifier of this job (optional).
+| =event:properties= | Serialized properties |
+| =event:finished= | The date and time when the job has been finished |
+
+
+The failover of an application node is accomplished by locking and the =event:active= flag. If a job is locked in the repository a session scoped lock is used. If this application node dies, the lock dies as well. Each application node observes the JCR locking properties and therefore gets aware of unlocked event nodes with the active flag set to true. If an application node finds such a node, it locks it, updates the =event:application= information and processes it accordingly. In this case the event gets the additional property =org/apache/sling/job/retry=.
-Each application is periodically removing old jobs from the repository
-(using the scheduler).
+Each application is periodically removing old jobs from the repository (using the scheduler).
-<a name="EventingandJobs-DistributionofJobs"></a>
### Distribution of Jobs
-A job event is an event like any other. Therefore it is up to the client
-generating the event to decide if the event should be distributed. If the
-event is distributed, it will be distributed with a set =event.application=
-on the remote nodes. If the job event handler receives a job with the
-=event.application= property set, it will not try to write it into the
-repository. It will just broadcast this event asynchronously as a ~FYI
-event.
-
-If a job event is created simultanously on all application nodes, the event
-will not be distributed. The application node that actually has the lock on
-the stored job in the repository will clear the =event.application= when
-sending the event locally. All other application nodes will use the
-=event.application= stored in the repository when broadcasting the event
-locally.
+A job event is an event like any other. Therefore it is up to the client generating the event to decide if the event should be distributed. If the event is distributed, it will be distributed with a set =event.application= on the remote nodes. If the job event handler receives a job with the =event.application= property set, it will not try to write it into the repository. It will just broadcast this event asynchronously as a ~FYI event.
+
+If a job event is created simultanously on all application nodes, the event will not be distributed. The application node that actually has the lock on the stored job in the repository will clear the =event.application= when sending the event locally. All other application nodes will use the =event.application= stored in the repository when broadcasting the event locally.
-<a name="EventingandJobs-UsagePatterns"></a>
## Usage Patterns
-Based on some usage patterns, we discuss the functionality of the eventing
-mechanism.
+Based on some usage patterns, we discuss the functionality of the eventing mechanism.
-<a name="EventingandJobs-SendingUserGeneratedEvents"></a>
### Sending User Generated Events
-If a user action results in an event, the event is only created on one
-single node in the cluster. The event object is generated and delivered to
-the OSGi event admin. If the =event.distribute= is not explicitly set, the
-event is only distributed localled.
-
-If the =event.distribute= is the, the cluster event handler will write the
-event into the repository. All nodes in the cluster observe the repository
-area where all events are stored. If a new event is written into that area,
-each application node will get notified. It will create the event based on
-the information in the repository, clear the =event.distribute= and publish
-the event.
+If a user action results in an event, the event is only created on one single node in the cluster. The event object is generated and delivered to the OSGi event admin. If the =event.distribute= is not explicitly set, the event is only distributed localled.
+
+If the =event.distribute= is the, the cluster event handler will write the event into the repository. All nodes in the cluster observe the repository area where all events are stored. If a new event is written into that area, each application node will get notified. It will create the event based on the information in the repository, clear the =event.distribute= and publish the event.
The flow can be described as follows:
-1. Client code generates event using OSGi API, if the =event.distribute=
-should be set, it is using the ~EventUtil.
+1. Client code generates event using OSGi API, if the =event.distribute= should be set, it is using the ~EventUtil.
1. Client code sends the event to the (local) event admin.
1. Event admin delivers the event locally.
-1. Clustering event handler receives the event if =event.distribute= is
-present
-1. # Event handler adds =event.application= and writes the event to the
-repository
-1. # Remote repository observers get notified through JCR observation about
-the new event. They distribute the event locally with the
-=event.application= (from the node where the event occured first) and
-cleared =event.distribute=.
+1. Clustering event handler receives the event if =event.distribute= is present
+1. # Event handler adds =event.application= and writes the event to the repository
+1. # Remote repository observers get notified through JCR observation about the new event. They distribute the event locally with the =event.application= (from the node where the event occured first) and cleared =event.distribute=.
-<a name="EventingandJobs-ProcessingJCREvents"></a>
### Processing JCR Events
-JCR events are environment generated events and therefore are sent by the
-repository to each node in the cluster. In general, it is advisable to not
-built the application on the low level repository events but to use
-application events. Therefore the observer of the JCR event should create
-an OSGi event based on the changes in the repository. A decision has to be
-made if the event should be a job or a plain event.
+JCR events are environment generated events and therefore are sent by the repository to each node in the cluster. In general, it is advisable to not built the application on the low level repository events but to use application events. Therefore the observer of the JCR event should create an OSGi event based on the changes in the repository. A decision has to be made if the event should be a job or a plain event.
The flow can be described as follows:
1. Client registers for JCR observation
1. JCR notifies the client for changes
-1. Client generates OSGi event based on the JCR events (the
-=event.distribute= will not be set), it decides if it sends this event as a
-job.
+1. Client generates OSGi event based on the JCR events (the =event.distribute= will not be set), it decides if it sends this event as a job.
1. Client code sends the event to the (local) event admin
1. Event admin publishes the event locally
-1. The distribution event handler does not set see the event as the
-=event.distribute= is not set.
+1. The distribution event handler does not set see the event as the =event.distribute= is not set.
1. The job event handler gets the event if it has the job topic
-1. # The job event handler adds the =event.application= property and tries to
-write the job to the repository
-1. ## If no job with the topic and =id= property is in the repository, the
-event will be written and locked.
+1. # The job event handler adds the =event.application= property and tries to write the job to the repository
+1. ## If no job with the topic and =id= property is in the repository, the event will be written and locked.
1. ## If an event with the topic and =id= property is in the repository then:
-1. ### If the =event.application= equals the current application node, the
-event is set to active (=event:active=) in the repository again and locked
-1. ### If the =event.application= does not equal the current application
-node, the event is not distributed locally.
-1. ## If the job could be locked in the repository, the job event handler
-delivers the job locally and synchronously and it unlocks the job and sets
-=event:active= to false afterwards.
+1. ### If the =event.application= equals the current application node, the event is set to active (=event:active=) in the repository again and locked
+1. ### If the =event.application= does not equal the current application node, the event is not distributed locally.
+1. ## If the job could be locked in the repository, the job event handler delivers the job locally and synchronously and it unlocks the job and sets =event:active= to false afterwards.
-<a name="EventingandJobs-SendingScheduledEvents"></a>
### Sending Scheduled Events
-Scheduled events are OSGi events that have been created by the environemnt.
-They are generated on each application node of the cluster through an own
-scheduler instance. Sending these events works the same as sending events
-based on JCR events (see above).
+Scheduled events are OSGi events that have been created by the environemnt. They are generated on each application node of the cluster through an own scheduler instance. Sending these events works the same as sending events based on JCR events (see above).
-In most use cases a scheduler will send job events to ensure that exactly
-one application node is processing the event.
+In most use cases a scheduler will send job events to ensure that exactly one application node is processing the event.
-<a name="EventingandJobs-ReceivingOSGiEvents"></a>
### Receiving OSGi Events
-If you want to receive OSGi events, you can just follow the specification:
-receive it via a custom event handler which is registered on bundle start -
-a filter can be specified as a configuration property of the handler.
-
-As we follow the principle of distributing each event to every registered
-handler, the handler has to decide if it will process the event. In order
-to avoid multiple processing of this event in a clustered environment, the
-event handler should check the =event.application= property. If it is not
-set, it's a local event and the handler should process the event. If the
-=event.application= is set, it's a remote event and the handler should not
-process the event. This is a general rule of thumb - however, it's up to
-the handler to make its decision either on =event.application= or any other
-information.
-
-It is advisable to perform the local event check even in a non clustered
-environment as it makes the migration to a cluster later on much easier and
-there is nearly no performance overhead caused by the check.
-
-The ~EventUtil class provides an utility method =isLocalEvent(Event)= which
-checks the existance of the =event.application= property and returns =true=
-if it is absend.
+If you want to receive OSGi events, you can just follow the specification: receive it via a custom event handler which is registered on bundle start - a filter can be specified as a configuration property of the handler.
+
+As we follow the principle of distributing each event to every registered handler, the handler has to decide if it will process the event. In order to avoid multiple processing of this event in a clustered environment, the event handler should check the =event.application= property. If it is not set, it's a local event and the handler should process the event. If the =event.application= is set, it's a remote event and the handler should not process the event. This is a general rule of thumb - however, it's up to the handler to make its decision either on =event.application= or any other information.
+
+It is advisable to perform the local event check even in a non clustered environment as it makes the migration to a cluster later on much easier and there is nearly no performance overhead caused by the check.
+
+The ~EventUtil class provides an utility method =isLocalEvent(Event)= which checks the existance of the =event.application= property and returns =true= if it is absend.
-<a name="EventingandJobs-Scheduler"></a>
## Scheduler
-Each Sling based application will contain a scheduler service (which is
-based on the Quartz open source project).
+Each Sling based application will contain a scheduler service (which is based on the Quartz open source project).
-<a name="EventingandJobs-UseCases"></a>
## Use Cases
-<a name="EventingandJobs-PostProcessing(BusinessProcesses)"></a>
### Post Processing (Business Processes)
-A typical example for post processing (or running a business process) is
-sending an email or creating thumbnails and extracting meta data from the
-content (like we do in DAM), which we will discuss here.
-
-An appropriate JCR observer will be registered. This observer detects when
-new content is put into the repository or when content is changed. In these
-cases it creates appropriate =CONTENT_ADDED=, =CONTENT_UPDATED= OSGi events
-from the JCR events. In order to ensure that these actions get processed
-accordingly, the event is send as a job (with the special job topic, the
-=topic= and =id= property).
-
-The event admin now delivers these jobs to the registered handlers. The job
-event handler gets notified and (simplified version) sends the contained
-event synchronously. One of the handlers for these events is the post
-processing service in DAM. The job mechanism ensures that exactly one
-application node is post processing and that the process has to be finished
-even if the application node dies during execution.
+A typical example for post processing (or running a business process) is sending an email or creating thumbnails and extracting meta data from the content (like we do in DAM), which we will discuss here.
+
+An appropriate JCR observer will be registered. This observer detects when new content is put into the repository or when content is changed. In these cases it creates appropriate =CONTENT*ADDED=, =CONTENT*UPDATED= OSGi events from the JCR events. In order to ensure that these actions get processed accordingly, the event is send as a job (with the special job topic, the =topic= and =id= property).
+
+The event admin now delivers these jobs to the registered handlers. The job event handler gets notified and (simplified version) sends the contained event synchronously. One of the handlers for these events is the post processing service in DAM. The job mechanism ensures that exactly one application node is post processing and that the process has to be finished even if the application node dies during execution.
-<a name="EventingandJobs-Scheduling"></a>
## Scheduling
-The scheduler is a service which uses the open source Quartz library. The
-scheduler has methods to start jobs periodically or with a cron definition.
-In addition, a service either implementing =java.lang.Runnable= or
-=org.quartz.job= is started through the whiteboard pattern *if* it either
-contains a configuration property =scheduler.expression= or
-=scheduler.period=. The job is started with the ~PID of the service - if
-the service has no PID, the configuration property =scheduler.name= must be
-set.
+The scheduler is a service which uses the open source Quartz library. The scheduler has methods to start jobs periodically or with a cron definition. In addition, a service either implementing =java.lang.Runnable= or =org.quartz.job= is started through the whiteboard pattern *if* it either contains a configuration property =scheduler.expression= or =scheduler.period=. The job is started with the ~PID of the service - if the service has no PID, the configuration property =scheduler.name= must be set.
Modified: sling/site/trunk/content/filters.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/filters.mdtext?rev=1341347&r1=1341346&r2=1341347&view=diff
==============================================================================
--- sling/site/trunk/content/filters.mdtext (original)
+++ sling/site/trunk/content/filters.mdtext Tue May 22 08:25:18 2012
@@ -1,208 +1,112 @@
Title: Filters
-<a name="Filters-ServletFilterSupport"></a>
+
# Servlet Filter Support
-Sling supports filter processing by applying filter chains to the requests
-before actually dispatching to the servlet or script for processing.
-Filters to be used in such filter processing are plain OSGi services of
-type *javax.servlet.Filter* which of course means that the services
-implement this interface.
+Sling supports filter processing by applying filter chains to the requests before actually dispatching to the servlet or script for processing. Filters to be used in such filter processing are plain OSGi services of type `javax.servlet.Filter` which of course means that the services implement this interface.
{note}
-See [SLING-1213](https://issues.apache.org/jira/browse/SLING-1213)
-, [SLING-1734|https://issues.apache.org/jira/browse/SLING-1734]
-, and [Registering filters with Sling|http://markmail.org/message/quxhm7d5s6u66crr]
- for more details.
+See [SLING-1213]({{ refs.https://issues.apache.org/jira/browse/SLING-1213.path }}), [SLING-1734|https://issues.apache.org/jira/browse/SLING-1734], and [Registering filters with Sling|http://markmail.org/message/quxhm7d5s6u66crr] for more details.
{note}
-For Sling to pick up a *javax.servlet.Filter* service for filter
-processing two service registration properties are inspected:
+For Sling to pick up a `javax.servlet.Filter` service for filter processing two service registration properties are inspected:
-<table>
-<tr><th> Property </th><th> Type </th><th> Default Value </th><th> Valid Values </th><th> Description </th></tr>
-<tr><td> *sling.filter.scope* </td><td> *String*, {{String[](.html)
-}} or *Vector<String>* </td><td> *request* </td><td> *REQUEST*, *INCLUDE*,
-*FORWARD*, *ERROR*, *COMPONENT* </td><td> Indication of which chain the
-filter should be added to. This property is required. If it is missing from
-the service, the service is ignored because it is assumed another consumer
-will be interested in using the service. Any unknown values of this
-property are also ignored causing the service to be completely ignored if
-none of the values provided by the property are valid. See below for the
-description of the filter chains. </td></tr>
-<tr><td> *service.ranking* </td><td> *Integer* </td><td> *0* </td><td> Any *Integer* value </td><td>
-Indication of where to place the filter in the filter chain. The higher the
-number the earlier in the filter chain. This value may span the whole range
-of integer values. Two filters with equal *service.ranking* property
-value (explicitly set or default value of zero) will be ordered according
-to their *service.id* service property as described in section 5.2.5,
-Service Properties, of the OSGi Core Specification R 4.2. </td></tr>
-</table>
+| Property | Type | Default Value | Valid Values | Description |
+|--|--|--|--|--|
+| `sling.filter.scope` | `String`, `String[]({{ refs..path }})` or `Vector<String>` | `request` | `REQUEST`, `INCLUDE`, `FORWARD`, `ERROR`, `COMPONENT` | Indication of which chain the filter should be added to. This property is required. If it is missing from the service, the service is ignored because it is assumed another consumer will be interested in using the service. Any unknown values of this property are also ignored causing the service to be completely ignored if none of the values provided by the property are valid. See below for the description of the filter chains. |
+| `service.ranking` | `Integer` | `0` | Any `Integer` value | Indication of where to place the filter in the filter chain. The higher the number the earlier in the filter chain. This value may span the whole range of integer values. Two filters with equal `service.ranking` property value (explicitly set or default value of zero) will be ordered according to their `service.id` service property as described in section 5.2.5, Service Properties, of the OSGi Core Specification R 4.2. |
-<a name="Filters-FilterChains"></a>
## Filter Chains
-Sling maintains five filter chains: request level, component level, include
-filters, forward filters and error filters. Except for the component level
-filter these filter chains correspond to the filter *<dispatcher>*
-configurations as defined for Servlet API 2.5 web applications (see section
-SRV.6.2.5 Filters and the RequestDispatcher).
-
-The following table summarizes when each of the filter chains is called and
-what value must be defined in the *sling.filter.scope* property to have a
-filter added to the respective chain:
-
-<table>
-<tr><th> *sling.filter.scope* </th><th> Servlet API Correspondence </th><th> Description </th></tr>
-<tr><td> *REQUEST* </td><td> *REQUEST* </td><td> Filters are called once per request hitting
-Sling from the outside. These filters are called after the resource
-addressed by the request URL and the Servlet or script to process the
-request has been resolved before the *COMPONENT* filters (if any) and the
-Servlet or script are called. </td></tr>
-<tr><td> *INCLUDE* </td><td> *INCLUDE* </td><td> Filters are called upon calling the
-*RequestDispatcher.include* method after the included resource and the
-Servlet or script to process the include have been resolved before the
-Servlet or script is called. </td></tr>
-<tr><td> *FORWARD* </td><td> *FORWARD* </td><td> Filters are called upon calling the
-*RequestDispatcher.forward* method after the included resource and the
-Servlet or script to process the include have been resolved before the
-Servlet or script is called. </td></tr>
-<tr><td> *ERROR* </td><td> *ERROR* </td><td> Filters are called upon
-*HttpServletResponse.sendError* or any uncaught *Throwable* before
-resolving the error handler Servlet or script. </td></tr>
-<tr><td> *COMPONENT* </td><td> *REQUEST,INCLUDE,FORWARD* </td><td> The *COMPONENT* scoped
-filters are present for backwards compatibility with earlier Sling Engine
-releases. These filters will be called among the *INCLUDE* and
-*FORWARD* filters upon *RequestDispatcher.include* or
-*RequestDispatcher.forward* as well as before calling the request level
-Servlet or script after the *REQUEST* filters. </td></tr>
-</table>
-
-Note on *INCLUDE* and *FORWARD* with respect to JSP tags: These filters
-are also called if the respective including (e.g. *<jsp:include>* or
-*<sling:include>*) or forwarding (e.g. *<jsp:forward>* or
-*<sling:forward>*) ultimately calls the *RequestDispatcher*.
+Sling maintains five filter chains: request level, component level, include filters, forward filters and error filters. Except for the component level filter these filter chains correspond to the filter `<dispatcher>` configurations as defined for Servlet API 2.5 web applications (see section SRV.6.2.5 Filters and the RequestDispatcher).
+
+The following table summarizes when each of the filter chains is called and what value must be defined in the `sling.filter.scope` property to have a filter added to the respective chain:
+
+| `sling.filter.scope` | Servlet API Correspondence | Description |
+|--|--|--|
+| `REQUEST` | `REQUEST` | Filters are called once per request hitting Sling from the outside. These filters are called after the resource addressed by the request URL and the Servlet or script to process the request has been resolved before the `COMPONENT` filters (if any) and the Servlet or script are called. |
+| `INCLUDE` | `INCLUDE` | Filters are called upon calling the `RequestDispatcher.include` method after the included resource and the Servlet or script to process the include have been resolved before the Servlet or script is called. |
+| `FORWARD` | `FORWARD` | Filters are called upon calling the `RequestDispatcher.forward` method after the included resource and the Servlet or script to process the include have been resolved before the Servlet or script is called. |
+| `ERROR` | `ERROR` | Filters are called upon `HttpServletResponse.sendError` or any uncaught `Throwable` before resolving the error handler Servlet or script. |
+| `COMPONENT` | `REQUEST,INCLUDE,FORWARD` | The `COMPONENT` scoped filters are present for backwards compatibility with earlier Sling Engine releases. These filters will be called among the `INCLUDE` and `FORWARD` filters upon `RequestDispatcher.include` or `RequestDispatcher.forward` as well as before calling the request level Servlet or script after the `REQUEST` filters. |
+
+Note on `INCLUDE` and `FORWARD` with respect to JSP tags: These filters are also called if the respective including (e.g. `<jsp:include>` or `<sling:include>`) or forwarding (e.g. `<jsp:forward>` or `<sling:forward>`) ultimately calls the `RequestDispatcher`.
-<a name="Filters-FilterProcessing"></a>
## Filter Processing
-Filter processing is part of the Sling request processing, which may be
-sketched as follows:
+Filter processing is part of the Sling request processing, which may be sketched as follows:
+
+| *Request Level* |
+| Authentication |
+| Resource Resolution |
+| Servlet/Script Resolution |
+| Request Level Filter Processing |
+| *Component Level* |
+
+The first step of request processing is the *Request Level* processing which is concerned with resolving the resource, finding the appropriate servlet and calling into the request level filter chain. The next step is the *Component Level* processing, calling into the component level filters before finally calling the servlet or script:
+
+| *Component Level* |
+| Component Level Filter Processing |
+| Call Servlet or Script |
+
+When a servlet or script is including or forwarding to another resource for processing through the `RequestDispatcher` (or any JSP tag or other language feature ultimately using a `RequestDispatcher`) the following *Dispatch* processing takes place:
+
+| *Dispatch* |
+| Resolve the resource to dispatch to if not already defined when getting the `RequestDispatcher` |
+| Servlet/Script resolution |
+| Call include or forward filters depending on the kind of dispatch |
+| Call Servlet or Script |
-<table>
-<tr><td> _Request Level_ </td></tr>
-<tr><td> Authentication </td></tr>
-<tr><td> Resource Resolution </td></tr>
-<tr><td> Servlet/Script Resolution </td></tr>
-<tr><td> Request Level Filter Processing </td></tr>
-<tr><td> _Component Level_ </td></tr>
-</table>
-
-The first step of request processing is the _Request Level_ processing
-which is concerned with resolving the resource, finding the appropriate
-servlet and calling into the request level filter chain. The next step is
-the _Component Level_ processing, calling into the component level filters
-before finally calling the servlet or script:
-
-<table>
-<tr><td> _Component Level_ </td></tr>
-<tr><td> Component Level Filter Processing </td></tr>
-<tr><td> Call Servlet or Script </td></tr>
-</table>
-
-When a servlet or script is including or forwarding to another resource for
-processing through the *RequestDispatcher* (or any JSP tag or other
-language feature ultimately using a *RequestDispatcher*) the following
-_Dispatch_ processing takes place:
-
-<table>
-<tr><td> _Dispatch_ </td></tr>
-<tr><td> Resolve the resource to dispatch to if not already defined when getting
-the *RequestDispatcher* </td></tr>
-<tr><td> Servlet/Script resolution </td></tr>
-<tr><td> Call include or forward filters depending on the kind of dispatch </td></tr>
-<tr><td> Call Servlet or Script </td></tr>
-</table>
-
-As a consequence, request level filters will be called at most once during
-request processing (they may not be called at all if a filter earlier in
-the filter chain decides to terminate the request) while the component
-level, include, and forward filters may be called multiple times while
-processing a request.
+As a consequence, request level filters will be called at most once during request processing (they may not be called at all if a filter earlier in the filter chain decides to terminate the request) while the component level, include, and forward filters may be called multiple times while processing a request.
-<a name="Filters-Troubleshooting"></a>
## Troubleshooting
-Apart form the logs which tell you when filters are executed, two Sling
-plugins provide information about filters in the OSGi console.
+Apart form the logs which tell you when filters are executed, two Sling plugins provide information about filters in the OSGi console.
-<a name="Filters-RecentRequestsplugin"></a>
### Recent Requests plugin
-The request traces provided at */system/console/requests* contain
-information about filter execution, as in this example:
+The request traces provided at `/system/console/requests` contain information about filter execution, as in this example:
<DIV class="code panel" style="border-style: solid;border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;border-bottom-style: solid;"><B>Recent Requests plugin info</B></DIV><DIV class="codeContent panelContent">
0 (2010-09-08 15:22:38) TIMER_START{Request Processing}
...
- 0 (2010-09-08 15:22:38) LOG Method=GET,
-PathInfo=/libs/wcm/core/content/siteadmin.html
+ 0 (2010-09-08 15:22:38) LOG Method=GET, PathInfo=/libs/wcm/core/content/siteadmin.html
3 (2010-09-08 15:22:38) LOG Applying request filters
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-org.apache.sling.portal.container.internal.request.PortalFilter
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-org.apache.sling.rewriter.impl.RewriterFilter
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-com.day.cq.wcm.core.impl.WCMRequestFilter
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-org.apache.sling.i18n.impl.I18NFilter
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-com.day.cq.theme.impl.ThemeResolverFilter
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter
- 3 (2010-09-08 15:22:38) LOG RedirectFilter did not redirect
-(MobileUtil.isMobileResource() returns false)
+ 3 (2010-09-08 15:22:38) LOG Calling filter: org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter
+ 3 (2010-09-08 15:22:38) LOG Calling filter: org.apache.sling.portal.container.internal.request.PortalFilter
+ 3 (2010-09-08 15:22:38) LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter
+ 3 (2010-09-08 15:22:38) LOG Calling filter: com.day.cq.wcm.core.impl.WCMRequestFilter
+ 3 (2010-09-08 15:22:38) LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
+ 3 (2010-09-08 15:22:38) LOG Calling filter: com.day.cq.theme.impl.ThemeResolverFilter
+ 3 (2010-09-08 15:22:38) LOG Calling filter: com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet
+ 3 (2010-09-08 15:22:38) LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
+ 3 (2010-09-08 15:22:38) LOG Calling filter: com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter
+ 3 (2010-09-08 15:22:38) LOG RedirectFilter did not redirect (MobileUtil.isMobileResource() returns false)
3 (2010-09-08 15:22:38) LOG Applying inner filters
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-com.day.cq.wcm.core.impl.WCMComponentFilter
- 3 (2010-09-08 15:22:38) LOG Calling filter:
-com.day.cq.wcm.core.impl.WCMDebugFilter
- 3 (2010-09-08 15:22:38)
-TIMER_START{/libs/cq/ui/components/widget/html.jsp#0}
+ 3 (2010-09-08 15:22:38) LOG Calling filter: com.day.cq.wcm.core.impl.WCMComponentFilter
+ 3 (2010-09-08 15:22:38) LOG Calling filter: com.day.cq.wcm.core.impl.WCMDebugFilter
+ 3 (2010-09-08 15:22:38) TIMER_START{/libs/cq/ui/components/widget/html.jsp#0}
...
8 (2010-09-08 15:22:38) TIMER_END{8,Request Processing} Request Processing
-<a name="Filters-ConfigStatusplugin"></a>
### Config Status plugin
-The configuration status page at */system/console/config* includes the
-current list of active filters in its _Servlet Filters_ category, as in
-this example:
+The configuration status page at `/system/console/config` includes the current list of active filters in its *Servlet Filters* category, as in this example:
<DIV class="code panel" style="border-style: solid;border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;border-bottom-style: solid;"><B>Config Status plugin info</B></DIV><DIV class="codeContent panelContent">
Current Apache Sling Servlet Filter Configuration
Request Filters:
- -2147483648 : class
-org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter (2547)
- -3000 : class
-org.apache.sling.portal.container.internal.request.PortalFilter (2562)
+ -2147483648 : class org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter (2547)
+ -3000 : class org.apache.sling.portal.container.internal.request.PortalFilter (2562)
-2500 : class org.apache.sling.rewriter.impl.RewriterFilter (3365)
-2000 : class com.day.cq.wcm.core.impl.WCMRequestFilter (2548)
-700 : class org.apache.sling.i18n.impl.I18NFilter (2334)
-600 : class com.day.cq.theme.impl.ThemeResolverFilter (2244)
- -600 : class com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet
-(2268)
- 0 : class
-org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter (2402)
+ -600 : class com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet (2268)
+ 0 : class org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter (2402)
1000 : class com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter (3363)
Error Filters:
@@ -221,21 +125,13 @@ org.apache.sling.engine.impl.debug.Reque
1000 : class com.day.cq.wcm.core.impl.WCMDebugFilter (2449)
-The first numbers on those lines are the filter priorities, and the last
-number in parentheses is the OSGi service ID.
+The first numbers on those lines are the filter priorities, and the last number in parentheses is the OSGi service ID.
-<a name="Filters-SupportinSlingEngine2.1.0"></a>
## Support in Sling Engine 2.1.0
-Up to and including Sling Engine 2.1.0 support for Servlet Filters has been
-as follows:
+Up to and including Sling Engine 2.1.0 support for Servlet Filters has been as follows:
-* Any *javax.servlet.Filter* service is accepted as a filter for Sling
-unless the *pattern* property used by the [Apache Felix HttpService whiteboard support](http://felix.apache.org/site/apache-felix-http-service.html#ApacheFelixHTTPService-UsingtheWhiteboard)
- is set in the service registration properties.
-* The *filter.scope* property is optional and supports the case-sensitive
-values *request* and *component*.
-* Filter ordering is defined by the *filter.order* property whose default
-value is *Integer.MAX_VALUE* where smaller values have higher priority
-over higher values.
+* Any `javax.servlet.Filter` service is accepted as a filter for Sling unless the `pattern` property used by the [Apache Felix HttpService whiteboard support]({{ refs.http://felix.apache.org/site/apache-felix-http-service.html#ApacheFelixHTTPService-UsingtheWhiteboard.path }}) is set in the service registration properties.
+* The `filter.scope` property is optional and supports the case-sensitive values `request` and `component`.
+* Filter ordering is defined by the `filter.order` property whose default value is `Integer.MAX_VALUE` where smaller values have higher priority over higher values.
\ No newline at end of file
Modified: sling/site/trunk/content/form-based-authenticationhandler.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/form-based-authenticationhandler.mdtext?rev=1341347&r1=1341346&r2=1341347&view=diff
==============================================================================
--- sling/site/trunk/content/form-based-authenticationhandler.mdtext (original)
+++ sling/site/trunk/content/form-based-authenticationhandler.mdtext Tue May 22 08:25:18 2012
@@ -1,219 +1,120 @@
Title: Form Based AuthenticationHandler
-<a name="FormBasedAuthenticationHandler-FormBasedAuthenticationHandler"></a>
+
# Form Based AuthenticationHandler
-{toc:type=flat|separator=pipe|minLevel=2|maxLevel=3}
+[TOC]
-The Form Based AuthenticationHandler has two authentication phases: The
-first phase is presenting a login form to the user and passing the entered
-user name and password to the server. The second phase is storing
-successful authentication in a Cookie or an HTTP Session.
+The Form Based AuthenticationHandler has two authentication phases: The first phase is presenting a login form to the user and passing the entered user name and password to the server. The second phase is storing successful authentication in a Cookie or an HTTP Session.
-The implementation of the Form Based Authentication Handler follows the
-guidelines of the Servlet API 2.4 specification for _Form Based
-Authentication_ in section SRV.12.5.3. Specifically the following
-requirements are implemented:
+The implementation of the Form Based Authentication Handler follows the guidelines of the Servlet API 2.4 specification for *Form Based Authentication* in section SRV.12.5.3. Specifically the following requirements are implemented:
-* For the initial form submission, the request URL must end with
-*/j_security_check* and the user name and password names must be
-*j_username* and *j_password*, resp.
-* The authentication type as returned by
-*HttpServletRequest.getAuthType()* is set to
-*HttpServletRequest.FORM_AUTH*.
+* For the initial form submission, the request URL must end with `/j*security*check` and the user name and password names must be `j*username` and `j*password`, resp.
+* The authentication type as returned by `HttpServletRequest.getAuthType()` is set to `HttpServletRequest.FORM_AUTH`.
-The Form Based Authentication Handler is maintained in the [Sling SVN](http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form)
+The Form Based Authentication Handler is maintained in the [Sling SVN]({{ refs.http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form.path }})
-<a name="FormBasedAuthenticationHandler-AuthenticationHandlerimplementation"></a>
### AuthenticationHandler implementation
-* *extractCredentials* -- Prepares credentials for the form entered data
-or from the Cookie or HTTP Session attribute. Returns *null* if neither
-data is provided in the request
-* *requestCredentials* -- Redirects the client (browser) to the login
-form
-* *dropCredentials* -- Remove the Cookie or remove the HTTP Session
-attribute
+* `extractCredentials` -- Prepares credentials for the form entered data or from the Cookie or HTTP Session attribute. Returns `null` if neither data is provided in the request
+* `requestCredentials` -- Redirects the client (browser) to the login form
+* `dropCredentials` -- Remove the Cookie or remove the HTTP Session attribute
-<a name="FormBasedAuthenticationHandler-AuthenticationFeedbackHandlerimplementation"></a>
### AuthenticationFeedbackHandler implementation
-* *authenticationFailed* -- Remove the Cookie or remove the HTTP Session
-attribute
-* *authenticationSucceeded* -- Set (or update) the Cookie or HTTP Session
-attribute
+* `authenticationFailed` -- Remove the Cookie or remove the HTTP Session attribute
+* `authenticationSucceeded` -- Set (or update) the Cookie or HTTP Session attribute
-<a name="FormBasedAuthenticationHandler-Phase1:FormSubmission"></a>
### Phase 1: Form Submission
-The login form submitted in phase 1 to validate the user name and password
-must be provided in an HTTP *POST* request to an URL whose last segment
-is *j_security_check*. The request is ignored as a form submission if
-either the method is not *POST* or the last segment is no
-*j_security_check*.
-
-The form is rendered by redirecting the client to the URL indicated by the
-*form.login.form* configuration parameter. This redirection request may
-accompanyied by the following parameters:
-
-* *resource* -- The resource to which the user should be redirected after
-successful login. This request parameter should be submitted back to the
-server as the *resource* parameter.
-* *j_reason* -- This parameter indicates the reason for rendering the
-login form. If this parameter is set, it is set to *INVALID_CREDENTIALS*
-indicating a previous form submission presented invalid username and
-password or *TIMEOUT* indicating a login session has timed out. The login
-form servlet/script can present the user with an appropriate message.
-
-The Form Based Authentication Handlers supports the following request
-parameters submitted by the HTML form:
-
-* *j_username* -- Name of the user to authenticate
-* *j_password* -- Password to authenticate the user
-* *j_validate* -- Flag indicating whether to just validate the
-credentials
-* *resource* -- The location to go to on successful login
-* *sling.auth.redirect* -- The location to redirect to on successful
-login
-
-The *j_username* and *j_password* parameters are used to create a JCR
-*SimpleCredentials* object to log into the JCR Repository.
-
-The *j_validate* parameter may be used to implement login form submission
-using AJAX. If this parameter is set to *true* (case-insensitive) the
-credentials are used to login and after success or failure to return a
-status code:
-
-<table>
-<tr><th> Status </th><th> Description </th></tr>
-<tr><td> *200 OK* </td><td> Authentication succeeded; credentials are valid for login;
-the Cookie or HTTP Session attribute is now set </td></tr>
-<tr><td> *403 FORBIDDEN* </td><td> Authentication failed; credentials are invalid for
-login; the Cookie or HTTP Session attribute is not set (if it was set, it
-is now cleared) </td></tr>
-</table>
-
-If the *j_validate* parameter is not set or is set to any value other
-than *true*, the request processing depends on authentication success or
-failure:
-
-<table>
-<tr><th> Authentication </th><th> Description </th></tr>
-<tr><td> Success </td><td> Client is redirected to the authenticated resource; the Cookie
-or HTTP Session attribute is now set. </td></tr>
-<tr><td> Failure </td><td> The request is redirected to the login form again; the Cookie
-or HTTP Session attribute is not set (if it was set, it is now cleared) </td></tr>
-</table>
-
-The *resource* and *sling.auth.redirect* parameters provide similar
-functionality but with differing historical backgrounds. The *resource*
-parameter is based on the *resource* request attribute which is set by
-the login servlet to indicate the original target resource the client
-desired when it was forced to authenticate. The *sling.auth.redirect*
-parameter can be used by clients (applications like cURL or plain HTML
-forms) to request being redirected after successful login. If both
-parameters are set, the *sling.auth.redirect* parameter takes precedence.
-
-The Form Based Authentication Handler contains a [default form servlet](http://http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java)
- and [HTML form template from|http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/resources/org/apache/sling/auth/form/impl/login.html]
-.
+The login form submitted in phase 1 to validate the user name and password must be provided in an HTTP `POST` request to an URL whose last segment is `j*security*check`. The request is ignored as a form submission if either the method is not `POST` or the last segment is no `j*security*check`.
+
+The form is rendered by redirecting the client to the URL indicated by the `form.login.form` configuration parameter. This redirection request may accompanyied by the following parameters:
+
+* `resource` -- The resource to which the user should be redirected after successful login. This request parameter should be submitted back to the server as the `resource` parameter.
+* `j*reason` -- This parameter indicates the reason for rendering the login form. If this parameter is set, it is set to `INVALID*CREDENTIALS` indicating a previous form submission presented invalid username and password or `TIMEOUT` indicating a login session has timed out. The login form servlet/script can present the user with an appropriate message.
+
+The Form Based Authentication Handlers supports the following request parameters submitted by the HTML form:
+
+* `j_username` -- Name of the user to authenticate
+* `j_password` -- Password to authenticate the user
+* `j_validate` -- Flag indicating whether to just validate the credentials
+* `resource` -- The location to go to on successful login
+* `sling.auth.redirect` -- The location to redirect to on successful login
+
+The `j*username` and `j*password` parameters are used to create a JCR `SimpleCredentials` object to log into the JCR Repository.
+
+The `j_validate` parameter may be used to implement login form submission using AJAX. If this parameter is set to `true` (case-insensitive) the credentials are used to login and after success or failure to return a status code:
+
+| Status | Description |
+|--|--|
+| `200 OK` | Authentication succeeded; credentials are valid for login; the Cookie or HTTP Session attribute is now set |
+| `403 FORBIDDEN` | Authentication failed; credentials are invalid for login; the Cookie or HTTP Session attribute is not set (if it was set, it is now cleared) |
+
+If the `j_validate` parameter is not set or is set to any value other than `true`, the request processing depends on authentication success or failure:
+
+| Authentication | Description |
+|--|--|
+| Success | Client is redirected to the authenticated resource; the Cookie or HTTP Session attribute is now set. |
+| Failure | The request is redirected to the login form again; the Cookie or HTTP Session attribute is not set (if it was set, it is now cleared) |
+
+The `resource` and `sling.auth.redirect` parameters provide similar functionality but with differing historical backgrounds. The `resource` parameter is based on the `resource` request attribute which is set by the login servlet to indicate the original target resource the client desired when it was forced to authenticate. The `sling.auth.redirect` parameter can be used by clients (applications like cURL or plain HTML forms) to request being redirected after successful login. If both parameters are set, the `sling.auth.redirect` parameter takes precedence.
+
+The Form Based Authentication Handler contains a [default form servlet]({{ refs.http://http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java.path }}) and [HTML form template from|http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/resources/org/apache/sling/auth/form/impl/login.html].
-<a name="FormBasedAuthenticationHandler-Phase2:AuthenticatedRequests"></a>
### Phase 2: Authenticated Requests
-After the successful authentication of the user in phase 1, the
-authentication state is stored in a Cookie or an HTTP Session. The stored
-value is a security token with the following contents:
+After the successful authentication of the user in phase 1, the authentication state is stored in a Cookie or an HTTP Session. The stored value is a security token with the following contents:
- HmacSHA1(securetoken,
-<securetokennumber><expirytime>@<userID>)@<securetokennumber><expirytime>@<userID>
+ HmacSHA1(securetoken, <securetokennumber><expirytime>@<userID>)@<securetokennumber><expirytime>@<userID>
-The *securetoken* and *securetokennumber* are related in that an table
-of secure tokens is maintained where the *securetoken* is an entry in the
-table and the *securetokennumber* is the index in of the token in the
-table.
+The `securetoken` and `securetokennumber` are related in that an table of secure tokens is maintained where the `securetoken` is an entry in the table and the `securetokennumber` is the index in of the token in the table.
-The secure tokens are refreshed periodically causing the authentication
-state stored in the Cookie or the HTTP Session to be updated peridocally.
-This periodic update has two advantages:
+The secure tokens are refreshed periodically causing the authentication state stored in the Cookie or the HTTP Session to be updated peridocally. This periodic update has two advantages:
- * Login sessions time out after some period of inactivity: If a request
-is handled for an authentication state whose expiry time has passed, the
-request is considered unauthenticated.
- * If a Cookie would be stolen or an HTTP Session be hijacked, the
-authentication state expires within a reasonable amount of time to try to
-prevent stealing the authentication.
+ * Login sessions time out after some period of inactivity: If a request is handled for an authentication state whose expiry time has passed, the request is considered unauthenticated.
+ * If a Cookie would be stolen or an HTTP Session be hijacked, the authentication state expires within a reasonable amount of time to try to prevent stealing the authentication.
-The authentication state may be transmitted with a Cookie which is
-configured as follows:
+The authentication state may be transmitted with a Cookie which is configured as follows:
* *Cookie Path* -- Set to the servlet context path
* *Domain* -- See below
* *Age* -- Set to -1 to indicate a session Cookie
-* *Secure* -- Set to the value returned by the
-*ServletRequest.isSecure()* method
+* *Secure* -- Set to the value returned by the `ServletRequest.isSecure()` method
-If the authentication state is kept in an HTTP Session the setup of the
-session ID cookie is maintained by the servlet container and is outside of
-the control of the Form Based AuthenticationHandler.
+If the authentication state is kept in an HTTP Session the setup of the session ID cookie is maintained by the servlet container and is outside of the control of the Form Based AuthenticationHandler.
-<a name="FormBasedAuthenticationHandler-Configuration"></a>
### Configuration
-The Form Based Authentication Handler is configured with configuration
-provided by the OSGi Configuration Admin Service using the
-*org.apache.sling.formauth.FormAuthenticationHandler* service PID.
-
-<table>
-<tr><th> Parameter </th><th> Default </th><th> Description </th></tr>
-<tr><td> *form.login.form* </td><td> */system/sling/form/login* </td><td> The URL (without any
-context path prefix) to redirect the client to to present the login form. </td></tr>
-<tr><td> *form.auth.storage* </td><td> *cookie* </td><td> The type of storage used to provide
-the authentication state. Valid values are *cookie* and *session*. The
-default value also applies if any setting other than the supported values
-is configured. </td></tr>
-<tr><td> *form.auth.name* </td><td> *sling.formauth* </td><td> The name of the Cookie or HTTP
-Session attribute providing the authentication state. </td></tr>
-<tr><td> *form.auth.timeout* </td><td> *30* </td><td>The number of minutes after which a login
-session times out. This value is used as the expiry time set in the
-authentication data. </td></tr>
-<tr><td> *form.credentials.name* </td><td> *sling.formauth* </td><td> The name of the
-*SimpleCredentials* attribute used to provide the authentication data to
-the *LoginModulePlugin*. </td></tr>
-<tr><td> *form.token.file* </td><td> *cookie-tokens.bin* </td><td> The name of the file used
-to persist the security tokens. </td></tr>
-<tr><td> *form.default.cookie.domain* </td><td> </td><td> The domain on which cookies will be
-set, unless overridden in the *AuthenticationInfo* object. </td></tr>
-</table>
-
-_Note:_ The *form.token.file* parameter currently refers to a file stored
-in the file system. If the path is a relative path, the file is either
-stored in the Authentication Handler bundle private data area or -- if not
-possible -- below the location indicated by the *sling.home* framework
-property or -- if *sling.home* is not set -- the current working
-directory. In the future this file may be store in the JCR Repository to
-support clustering scenarios.
+The Form Based Authentication Handler is configured with configuration provided by the OSGi Configuration Admin Service using the `org.apache.sling.formauth.FormAuthenticationHandler` service PID.
+
+| Parameter | Default | Description |
+|--|--|--|
+| `form.login.form` | `/system/sling/form/login` | The URL (without any context path prefix) to redirect the client to to present the login form. |
+| `form.auth.storage` | `cookie` | The type of storage used to provide the authentication state. Valid values are `cookie` and `session`. The default value also applies if any setting other than the supported values is configured. |
+| `form.auth.name` | `sling.formauth` | The name of the Cookie or HTTP Session attribute providing the authentication state. |
+| `form.auth.timeout` | `30` |The number of minutes after which a login session times out. This value is used as the expiry time set in the authentication data. |
+| `form.credentials.name` | `sling.formauth` | The name of the `SimpleCredentials` attribute used to provide the authentication data to the `LoginModulePlugin`. |
+| `form.token.file` | `cookie-tokens.bin` | The name of the file used to persist the security tokens. |
+| `form.default.cookie.domain` | | The domain on which cookies will be set, unless overridden in the `AuthenticationInfo` object. |
+
+*Note:* The `form.token.file` parameter currently refers to a file stored in the file system. If the path is a relative path, the file is either stored in the Authentication Handler bundle private data area or -- if not possible -- below the location indicated by the `sling.home` framework property or -- if `sling.home` is not set -- the current working directory. In the future this file may be store in the JCR Repository to support clustering scenarios.
-<a name="FormBasedAuthenticationHandler-SecurityConsiderations"></a>
### Security Considerations
Form Based Authentication has some limitations in terms of security:
-1. User name and password are transmitted in plain text in the initial form
-submission.
-1. The Cookie used to provide the authentication state or the HTTP Session
-ID may be stolen.
-
-To prevent eavesdroppers from sniffing the credentials or stealing the
-Cookie a secure transport layer should be used such as TLS/SSL, VPN or
-IPSec.
+1. User name and password are transmitted in plain text in the initial form submission.
+1. The Cookie used to provide the authentication state or the HTTP Session ID may be stolen.
+
+To prevent eavesdroppers from sniffing the credentials or stealing the Cookie a secure transport layer should be used such as TLS/SSL, VPN or IPSec.