Posted to commits@sling.apache.org by fm...@apache.org on 2011/11/18 22:55:09 UTC

svn commit: r1203871 - in /sling/trunk/bundles/auth/core/src/main: java/org/apache/sling/auth/core/impl/SlingAuthenticator.java resources/OSGI-INF/metatype/metatype.properties

Author: fmeschbe
Date: Fri Nov 18 21:55:09 2011
New Revision: 1203871

URL: http://svn.apache.org/viewvc?rev=1203871&view=rev
Log:
SLING-2280 Implement Option 4: HTTP Basic Handler is fully enabled ignoring any conflicting configuration if anonymous access is disabled. This causes the HTTP Basic Handler to operate as a proper fallback for authentication. If anonymous access is allowed the HTTP Basic enablement configuration is still followed.

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
    sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1203871&r1=1203870&r2=1203871&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Fri Nov 18 21:55:09 2011
@@ -42,7 +42,6 @@ import org.apache.felix.scr.annotations.
 import org.apache.felix.scr.annotations.PropertyUnbounded;
 import org.apache.felix.scr.annotations.Reference;
 import org.apache.felix.scr.annotations.Service;
-import org.apache.felix.scr.annotations.Services;
 import org.apache.sling.api.auth.Authenticator;
 import org.apache.sling.api.auth.NoAuthenticationHandlerException;
 import org.apache.sling.api.resource.LoginException;
@@ -83,9 +82,7 @@ import org.slf4j.LoggerFactory;
  * URL.
  */
 @Component(name = "org.apache.sling.engine.impl.auth.SlingAuthenticator", label = "%auth.name", description = "%auth.description", metatype = true)
-@Services( { @Service(value = Authenticator.class),
-    @Service(value = AuthenticationSupport.class),
-    @Service(value = ServletRequestListener.class) })
+@Service(value = { Authenticator.class, AuthenticationSupport.class, ServletRequestListener.class })
 @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation")
 public class SlingAuthenticator implements Authenticator,
         AuthenticationSupport, ServletRequestListener {
@@ -322,10 +319,8 @@ public class SlingAuthenticator implemen
 
         authRequiredCache.clear();
 
-        boolean flag = OsgiUtil.toBoolean(
-            properties.get(PAR_ANONYMOUS_ALLOWED), DEFAULT_ANONYMOUS_ALLOWED);
-        authRequiredCache.addHolder(new AuthenticationRequirementHolder("/",
-            !flag, null));
+        final boolean anonAllowed = OsgiUtil.toBoolean(properties.get(PAR_ANONYMOUS_ALLOWED), DEFAULT_ANONYMOUS_ALLOWED);
+        authRequiredCache.addHolder(new AuthenticationRequirementHolder("/", !anonAllowed, null));
 
         String[] authReqs = OsgiUtil.toStringArray(properties.get(PAR_AUTH_REQ));
         if (authReqs != null) {
@@ -351,16 +346,19 @@ public class SlingAuthenticator implemen
             serviceListener.registerServices();
         }
 
-        // register as a service !
-        final String realm = OsgiUtil.toString(properties.get(PAR_REALM_NAME),
-            DEFAULT_REALM);
-        final String http = OsgiUtil.toString(properties.get(PAR_HTTP_AUTH),
-            HTTP_AUTH_PREEMPTIVE);
+        final String http;
+        if (anonAllowed) {
+            http = OsgiUtil.toString(properties.get(PAR_HTTP_AUTH), HTTP_AUTH_PREEMPTIVE);
+        } else {
+            http = HTTP_AUTH_ENABLED;
+            log.debug("modified: Anonymous Access is denied thus HTTP Basic Authentication is fully enabled");
+        }
+
         if (HTTP_AUTH_DISABLED.equals(http)) {
             httpBasicHandler = null;
         } else {
-            httpBasicHandler = new HttpBasicAuthenticationHandler(realm,
-                HTTP_AUTH_ENABLED.equals(http));
+            final String realm = OsgiUtil.toString(properties.get(PAR_REALM_NAME), DEFAULT_REALM);
+            httpBasicHandler = new HttpBasicAuthenticationHandler(realm, HTTP_AUTH_ENABLED.equals(http));
         }
     }
 
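Review bot: The override in the `else` branch is reported only at debug level, so an operator who set HTTP Basic support to disabled or preemptive gets no visible sign that the handler is fully enabled once anonymous access is denied. Because this replaces an explicit authentication setting, I would read the configured value in both cases and log at info when it is being overridden, naming both the configured and the effective value. The enclosing method starts before this hunk (presumably `modified`, going by the log prefix), so the surrounding flow is not visible here. If this instance can be reached over plain HTTP, the forced Basic challenge also deserves a mention in the deployment documentation, since Basic credentials are only base64-encoded.

```java
final String configured = OsgiUtil.toString(properties.get(PAR_HTTP_AUTH), HTTP_AUTH_PREEMPTIVE);
final String http = anonAllowed ? configured : HTTP_AUTH_ENABLED;
if (!http.equals(configured)) {
    log.info("modified: Anonymous Access is denied; HTTP Basic Authentication setting '{}' is overridden with '{}'",
        configured, http);
}

// … unchanged: HTTP_AUTH_DISABLED check and httpBasicHandler construction …
```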

Modified: sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1203871&r1=1203870&r2=1203871&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties Fri Nov 18 21:55:09 2011
@@ -83,7 +83,9 @@ auth.http.description = Level of support
  support can be provided in three levels: (1) no support at all, that is \
  disabled, (2) preemptive support, that is HTTP Basic Authentication is \
  supported if the authentication header is set in the request, (3) full \
- support. The default is preemptive support.
+ support. The default is preemptive support unless Anonymous Access is \
+ not allowed. In this case HTTP Basic Authentication is always enabled \
+ to ensure clients can authenticate at least with basic authentication.
 
 auth.http.realm.name = Realm
 auth.http.realm.description = HTTP BASIC authentication realm. This property \
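Review bot: The new wording describes a changed default, but the Java change in this commit sets the level to fully enabled whenever anonymous access is denied and does not read the configured value in that case, so an explicit disabled or preemptive choice is ignored as well. An administrator reading this description would expect an explicit setting to take precedence. I would state the override directly, for example `If Anonymous Access is not allowed this setting is ignored and HTTP Basic Authentication is always fully enabled`. The `auth.http.realm.description` entry continues past the end of the hunk.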