You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by fm...@apache.org on 2011/11/18 22:55:09 UTC
svn commit: r1203871 - in /sling/trunk/bundles/auth/core/src/main:
java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
resources/OSGI-INF/metatype/metatype.properties
Author: fmeschbe
Date: Fri Nov 18 21:55:09 2011
New Revision: 1203871
URL: http://svn.apache.org/viewvc?rev=1203871&view=rev
Log:
SLING-2280 Implement Option 4: HTTP Basic Handler is fully enabled ignoring any conflicting configuration if anonymous access is disabled. This causes the HTTP Basic Handler to operate as a proper fallback for authentication. If anonymous access is allowed the HTTP Basic enablement configuration is still followed.
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1203871&r1=1203870&r2=1203871&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Fri Nov 18 21:55:09 2011
@@ -42,7 +42,6 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
-import org.apache.felix.scr.annotations.Services;
import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.api.auth.NoAuthenticationHandlerException;
import org.apache.sling.api.resource.LoginException;
@@ -83,9 +82,7 @@ import org.slf4j.LoggerFactory;
* URL.
*/
@Component(name = "org.apache.sling.engine.impl.auth.SlingAuthenticator", label = "%auth.name", description = "%auth.description", metatype = true)
-@Services( { @Service(value = Authenticator.class),
- @Service(value = AuthenticationSupport.class),
- @Service(value = ServletRequestListener.class) })
+@Service(value = { Authenticator.class, AuthenticationSupport.class, ServletRequestListener.class })
@Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation")
public class SlingAuthenticator implements Authenticator,
AuthenticationSupport, ServletRequestListener {
@@ -322,10 +319,8 @@ public class SlingAuthenticator implemen
authRequiredCache.clear();
- boolean flag = OsgiUtil.toBoolean(
- properties.get(PAR_ANONYMOUS_ALLOWED), DEFAULT_ANONYMOUS_ALLOWED);
- authRequiredCache.addHolder(new AuthenticationRequirementHolder("/",
- !flag, null));
+ final boolean anonAllowed = OsgiUtil.toBoolean(properties.get(PAR_ANONYMOUS_ALLOWED), DEFAULT_ANONYMOUS_ALLOWED);
+ authRequiredCache.addHolder(new AuthenticationRequirementHolder("/", !anonAllowed, null));
String[] authReqs = OsgiUtil.toStringArray(properties.get(PAR_AUTH_REQ));
if (authReqs != null) {
@@ -351,16 +346,19 @@ public class SlingAuthenticator implemen
serviceListener.registerServices();
}
- // register as a service !
- final String realm = OsgiUtil.toString(properties.get(PAR_REALM_NAME),
- DEFAULT_REALM);
- final String http = OsgiUtil.toString(properties.get(PAR_HTTP_AUTH),
- HTTP_AUTH_PREEMPTIVE);
+ final String http;
+ if (anonAllowed) {
+ http = OsgiUtil.toString(properties.get(PAR_HTTP_AUTH), HTTP_AUTH_PREEMPTIVE);
+ } else {
+ http = HTTP_AUTH_ENABLED;
+ log.debug("modified: Anonymous Access is denied thus HTTP Basic Authentication is fully enabled");
+ }
+
if (HTTP_AUTH_DISABLED.equals(http)) {
httpBasicHandler = null;
} else {
- httpBasicHandler = new HttpBasicAuthenticationHandler(realm,
- HTTP_AUTH_ENABLED.equals(http));
+ final String realm = OsgiUtil.toString(properties.get(PAR_REALM_NAME), DEFAULT_REALM);
+ httpBasicHandler = new HttpBasicAuthenticationHandler(realm, HTTP_AUTH_ENABLED.equals(http));
}
}
Modified: sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1203871&r1=1203870&r2=1203871&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties Fri Nov 18 21:55:09 2011
@@ -83,7 +83,9 @@ auth.http.description = Level of support
support can be provided in three levels: (1) no support at all, that is \
disabled, (2) preemptive support, that is HTTP Basic Authentication is \
supported if the authentication header is set in the request, (3) full \
- support. The default is preemptive support.
+ support. The default is preemptive support unless Anonymous Access is \
+ not allowed. In this case HTTP Basic Authentication is always enabled \
+ to ensure clients can authenticate at least with basic authentication.
auth.http.realm.name = Realm
auth.http.realm.description = HTTP BASIC authentication realm. This property \