You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2016/06/08 15:45:08 UTC
svn commit: r1747410 - in /jackrabbit/site/live/oak/docs/security/authentication: external/externallogin_examples.html preauthentication.html

Author: angela
Date: Wed Jun  8 15:45:08 2016
New Revision: 1747410

URL: http://svn.apache.org/viewvc?rev=1747410&view=rev
Log:
OAK-936: Site checkin for project Oak Documentation-1.6-SNAPSHOT

Modified:
    jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html
    jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html

Modified: jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html?rev=1747410&r1=1747409&r2=1747410&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html (original)
+++ jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html Wed Jun  8 15:45:08 2016
@@ -651,7 +651,7 @@
                      idp.name=&quot;your_idp_name&quot;;
    };
 </pre></div>
-<p>See <a href="../preauthentication.html">Pre-Authenticated Login</a> for an example <tt>LoginModule</tt> that illustrates how the pre-authentication is being pushed to the shared stated.</p>
+<p>See <a href="../preauthentication.html#withloginchain">Pre-Authenticated Login</a> for an example <tt>LoginModule</tt> that illustrates how the pre-authentication is being pushed to the shared stated.</p>
 <p><i>Note:</i> This configuration has been slightly adjusted from the example in <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-3508">OAK-3508</a> marking the pre-auth login to be <i>optional</i>. This highlights the fact that subsequent <tt>LoginModule</tt>s are in charge of respecting the <tt>PreAuthenticatedLogin</tt> marker and properly populating the <tt>Subject</tt> in the second <i>commit</i> phase.</p>
 <p>Also, in the example implementation the login never succeeds (in which case <i>sufficient</i> would actually work as well). However, if it ever succeeded the <tt>PreAuthenticatedLogin</tt> marker would be meaningless and the pre-auth module in fact would have to populate the <tt>Subject</tt> i.e. relying on details defined and handled by other <tt>LoginModule</tt>s. </p></div>
 <div class="section">

Modified: jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html?rev=1747410&r1=1747409&r2=1747410&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html (original)
+++ jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html Wed Jun  8 15:45:08 2016
@@ -512,10 +512,11 @@
 
 <ul>
   
-<li>Pre-Authentication combined with Login Module Chain</li>
+<li><a href="#withloginchain">Pre-Authentication combined with Login Module Chain</a></li>
   
-<li>Pre-Authentication without Repository Involvement</li>
+<li><a href="#withoutrepository">Pre-Authentication without Repository Involvement</a></li>
 </ul>
+<p><a name="withloginchain"></a></p>
 <div class="section">
 <h3>Pre-Authentication combined with Login Module Chain<a name="Pre-Authentication_combined_with_Login_Module_Chain"></a></h3>
 <p>This first variant allows to support 3rd party login modules that wish to provide the login context with pre authenticated login names, but still want to rely on the rest of the Oak&#x2019;s login module chain. For example an external SSO login module can extract the userid from a servlet request and use it to authenticate against the repository. But instead of re-implementing the user lookup and subject population (and possible external user synchronization) it just informs any subsequent login modules that the credential validation was already successful.</p>
@@ -572,7 +573,8 @@
         return false;
     }
 }
-</pre></div></div></div></div>
+</pre></div>
+<p><a name="withoutrepository"></a></p></div></div></div>
 <div class="section">
 <h3>Pre-Authentication without Repository Involvement<a name="Pre-Authentication_without_Repository_Involvement"></a></h3>
 <p>Like in Jackrabbit-core the repository internal authentication verification can be skipped by calling <tt>Repository#login()</tt> or <tt>Repository#login(null, wspName)</tt>. In this case the repository implementation expects the verification to be performed prior to the login call.</p>